Weaknesses of type CWE-311
301 resultsCVE-2016-10647—node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It mayEPSS 1.8%CVE-2016-10637—haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be pEPSS 1.8%CVE-2016-10611—strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable tEPSS 1.8%CVE-2016-10585—libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resourcEPSS 1.8%CVE-2016-10674—limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves iEPSS 1.7%CVE-2016-10570—pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves EPSS 1.7%CVE-2016-10690—openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources oEPSS 1.7%CVE-2016-10688—Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulEPSS 1.7%CVE-2016-10658—native-opencv is the OpenCV library installed via npm native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITMEPSS 1.7%CVE-2016-10560—galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leEPSS 1.7%CVE-2016-10629—nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attaEPSS 1.7%CVE-2016-10614—httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may EPSS 1.7%CVE-2016-10566—install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over EPSS 1.7%CVE-2016-10620—atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which lEPSS 1.7%CVE-2016-10651—webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver-launcher downloads binary resources over HTTP, which leaves it vulnerEPSS 1.7%CVE-2016-10646—resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor). resourcehacker downloads binary resources over HTTEPSS 1.7%CVE-2016-10645—grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM EPSS 1.7%CVE-2016-10631—jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vEPSS 1.7%CVE-2016-10689—The windows-iedriver module downloads fixed version of iedriverserver.exe windows-iedriver downloads binary resources over HTTP, which leaveEPSS 1.7%CVE-2016-10580—nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It EPSS 1.7%