The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,599 vulnerabilities with CWE-20
CVE-2017-18382
LOW
cPanel 61.9999.55-62.0.35 - Improper Input Validation in DNS Zone SOA Records
CVSS 2.7
CVE-2017-7189
HIGH
PHP 7.0.0-7.0.15 - Improper Input Validation in fsockopen Address Parsing
CVSS 7.5
CVE-2017-12652
CRITICAL
libpng < 1.6.32 - Improper Input Validation
CVSS 9.8
CVE-2017-5028
MEDIUM
Google Chrome <56.0.2924.76 - Info Disclosure
CVSS 6.5
CVE-2017-8330
MEDIUM
Securifi Almond AL-R096 - Denial of Service via UPnP NewInMessage SOAP Parameter
CVSS 6.5
CVE-2017-6261
HIGH
NVIDIA Vibrante Linux 1.1, 2.0, 2.2 - Denial of Service or Information Disclosure via Insufficient Protection Mechanisms
CVSS 8.2
CVE-2017-11740
HIGH
Zoho ManageEngine Application Manager <13.1 Build 13100 - RCE
CVSS 8.8
CVE-2017-5211
HIGH
Open-Xchange GmbH OX App Suite <7.8.3 - Info Disclosure
CVSS 7.5
CVE-2017-8341
MEDIUM
Open-xchange Appsuite < 7.8.3 - Improper Input Validation
CVSS 5.3
CVE-2017-12795
CRITICAL
openmrs-module-htmlformentry 3.3.2 - Improper Input Validation
CVSS 9.8
CVE-2017-18367
HIGH
libseccomp-golang < 0.9.0 - Improper Input Validation in BPF Generation
CVSS 7.5
CVE-2017-13911
HIGH
macOS X < 10.11.6 - Configuration Issue
CVSS 7.8
CVE-2017-16775
HIGH
Synology SSO Server <2.1.3-0129 - CSRF
CVSS 7.1
CVE-2017-7342
CRITICAL
FortiPortal <= 4.0.0 - Unauthenticated Remote Code Execution via Weak Password Recovery Process
CVSS 9.8
CVE-2017-9376
MEDIUM
ManageEngine ServiceDesk Plus <9314 - Local File Inclusion
CVSS 6.5
CVE-2017-0938
HIGH
airMAX <8.3.2, airMAX <6.0.7, EdgeMAX <1.9.7 - DoS
CVSS 7.5
CVE-2017-18359
HIGH
PostGIS 2.0.0-2.3.2 - Denial of Service via ST_AsX3D Function
CVSS 7.5
CVE-2017-15720
HIGH
Apache Airflow < 1.8.2 - Authenticated Remote Code Execution via Special Object Creation
CVSS 8.8
CVE-2017-3142
MEDIUM
BIND 9.4.0-9.11.1-P1 TSIG Authentication Bypass via AXFR Request
CVSS 5.3
CVE-2017-6921
MEDIUM
Drupal 8.0.0-8.3.3 - Authenticated Arbitrary File Manipulation via REST File Resource
CVSS 5.9
CVE-2017-13891
MEDIUM
iPhone OS < 11.2 - Inconsistent User Interface via State Management
CVSS 6.5
CVE-2017-1002157
CRITICAL
modulemd < 1.3.1 - Remote Code Execution via Unsafe Function
CVSS 9.8
CVE-2017-15402
CRITICAL
Google Chrome < 62.0.3202.74 - Sandbox Escape via Navigation Page State Overwrite
CVSS 9.6
CVE-2017-18320
HIGH
Qualcomm Snapdragon Firmware - Data Abort via QSEE Unload Attempt on Unloaded TEE
CVSS 7.8
CVE-2017-18318
CRITICAL
Qualcomm Snapdragon Firmware - Improper Input Validation in CRL Issuer Name
CVSS 9.8
Details
Vulnerabilities
12,599
Exploit Likelihood
High