Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-74

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 205 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-14397 2 Anydesk, Microsoft 2 Anydesk, Windows 2017-09-19 7.5 HIGH 9.8 CRITICAL
AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.
CVE-2016-4010 1 Magento 1 Magento 2017-09-07 7.5 HIGH 9.8 CRITICAL
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
CVE-2017-9861 1 Sma 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more 2017-08-22 9.0 HIGH 9.8 CRITICAL
** DISPUTED ** An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the device from anywhere within the LAN. An attacker may use this to crash the device, stop it from communicating with the SMA servers, exploit known SIP vulnerabilities, or find sensitive information from the SIP communications. Furthermore, because the SIP communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. For example, passwords can be extracted. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.
CVE-2016-1155 1 Google 1 Android 2017-04-24 7.5 HIGH 9.8 CRITICAL
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.
CVE-2016-10131 1 Codeigniter 1 Codeigniter 2017-03-16 7.5 HIGH 9.8 CRITICAL
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.