CVE-2016-10680

HIGH Year: 2016
CVSS v3 Score
8.1
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-311
View all →

Vulnerability Description

adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data.

Related Vulnerabilities

CVE-2016-10557

HIGH
CVSS:8.1(High)

appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause ...

CWE-3112016

CVE-2016-10558

HIGH
CVSS:8.1(High)

aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause...

CWE-3112016

CVE-2016-10559

HIGH
CVSS:8.1(High)

selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable ...

CWE-3112016

CVE-2016-10560

HIGH
CVSS:8.1(High)

galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to ca...

CWE-3112016

CVE-2016-10562

HIGH
CVSS:8.1(High)

iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause rem...

CWE-3112016

CVE-2016-10563

HIGH
CVSS:8.1(High)

During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this ...

CWE-3112016