LiveActive security incident?Get immediate response
CVE archive

June 2016

Browse CVE records published in June 2016, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 828 matching CVEs · Page 3 of 17.

Unknown · CVSS Not scored

CVE-2016-10633: dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG.

dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10696: windows-latestchromedriver downloads the latest version of chromedriver.exe.

windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10665: herbivore is a packet sniffing and crafting library.

herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10600: webrtc-native uses WebRTC from chromium project.

webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10678: serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves it vuln...

serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10620: atom-node-module-installer installs node modules for atom-shell applications.

atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10695: The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings.

The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10691: windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary r...

windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10677: google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Cl...

google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10651: webdriver-launcher is a Node.js Selenium Webdriver Launcher.

webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver-launcher downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10663: wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources ov...

wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10655: The clang-extra module installs LLVM's clang-extra tools.

The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10670: windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary reso...

windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10685: pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox downloads binary resources over HTTP, wh...

pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10632: apk-parser2 is a module which extracts Android Manifest info from an APK file.

apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10598: arrayfire-js is a module for ArrayFire for the Node.js platform.

arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10664: mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary resour...

mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10582: closurecompiler is a Closure Compiler for node.js.

closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10581: Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for bett...

Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10647: node-air-sdk is an AIR SDK for nodejs.

node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

High · CVSS 7.5

CVE-2016-8390: An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Dis...

An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10579: Chromedriver is an NPM wrapper for selenium ChromeDriver.

Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10636: grunt-ccompiler is a Closure Compiler Grunt Plugin.

grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10693: pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over H...

pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10638: js-given is a JavaScript frontend to jgiven.

js-given is a JavaScript frontend to jgiven. js-given downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10634: scala-standalone-bin is a Binary wrapper for ScalaJS.

scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10621: fibjs is a runtime for javascript applictions built on google v8 JS.

fibjs is a runtime for javascript applictions built on google v8 JS. fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10587: wasdk is a toolkit for creating WebAssembly modules.

wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10599: sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tu...

sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10574: apk-parser3 is a module to extract Android Manifest info from an APK file.

apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10667: selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which...

selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10609: chromedriver126 is chromedriver version 1.26 for linux OS.

chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

High · CVSS 7.1

CVE-2016-6556: OpenNMS Stored XSS via SNMP Agent Data

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016.

Published Jun 15, 2022 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10615: curses is bindings for the native curses library, a full featured console IO library.

curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10661: phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu downloads binary resources over HTTP, wh...

phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-1000342: In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of...

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

Published Jun 4, 2018 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-1000346: In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully valid...

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.

Published Jun 4, 2018 · Updated Aug 6, 2024