The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,599 vulnerabilities with CWE-20
CVE-2017-18317
HIGH
Qualcomm MSM8996AU, SD 410/12, SD 820, SD 820A Firmware - SIM Lock Bypass via Deactivation Flow Manipulation
CVSS 7.8
CVE-2017-18349
CRITICAL
Fastjson Insecure Deserialization - Remote Code Execution
CVSS 9.8
CVE-2017-18292
MEDIUM
Qualcomm Snapdragon Firmware - Denial of Service via Widevine API
CVSS 5.5
CVE-2017-15705
MEDIUM
Apache SpamAssassin < 3.4.2 - Denial of Service via Unclosed HTML Tags
CVSS 5.3
CVE-2017-1082
HIGH
FreeBSD 10.0-10.4 - Denial of Service via qsort Recursion Pattern
CVSS 7.5
CVE-2017-1000600
HIGH
WordPress < 4.9 - Authenticated Remote Code Execution via Thumbnail Processing
CVSS 8.8
CVE-2017-15426
MEDIUM
Google Chrome < 63.0.3239.84 - Domain Spoofing via IDN Homographs
CVSS 6.5
CVE-2017-15425
MEDIUM
Google Chrome < 63.0.3239.84 - Domain Spoofing via IDN Homographs in Omnibox
CVSS 6.5
CVE-2017-15424
MEDIUM
Google Chrome < 63.0.3239.84 - Domain Spoofing via IDN Homographs in Omnibox
CVSS 6.5
CVE-2017-15420
MEDIUM
Google Chrome < 63.0.3239.84 - URL Spoofing via Error Page Navigation
CVSS 6.5
CVE-2017-17312
HIGH
Huawei Firewall < V300R001C10SPC600 - DoS
CVSS 7.5
CVE-2017-17311
HIGH
Huawei Firewall < V300R001C10SPC600 - DoS
CVSS 7.5
CVE-2017-16790
MEDIUM
Symfony <4.0-BETA5 - Info Disclosure
CVSS 6.5
CVE-2017-13652
MEDIUM
NetApp OnCommand Insight < 7.2.0 - Clickjacking via Unintended UI Action
CVSS 6.5
CVE-2017-2674
MEDIUM
JBoss BPM Suite 6.0.0-6.4.2 - Authenticated Stored Cross-Site Scripting via Business Central List Creation
CVSS 6.1
CVE-2017-2658
LOW
Red Hat JBoss BPM Suite < 6.4.2 & JBoss Data Virtualization < 6.4.3 - Clickjacking
CVSS 2.6
CVE-2017-2653
MEDIUM
CloudForms < 5.7.2.1 - Improper Input Validation via Unused Delete Routes
CVSS 4.1
CVE-2017-2614
MEDIUM
Red Hat Enterprise Virtualization - Unauthenticated Password Update on Expired Accounts
CVSS 6.8
CVE-2017-12173
MEDIUM
Red Hat Enterprise Linux - Information Disclosure via SSSD Local Cache Injection
CVSS 4.3
CVE-2017-12148
HIGH
Ansible Tower <3.1.5-3.2.0 - Command Injection
CVSS 8.4
CVE-2017-12171
MEDIUM
Red Hat Enterprise Linux 6.9 - Info Disclosure
CVSS 6.5
CVE-2017-7509
LOW
Red Hat Certificate System <8.1.20-1 - DoS
CVSS 3.5
CVE-2017-7539
MEDIUM
Qemu < 2.10.1 - Denial of Service via NBD Server Connection Negotiation
CVSS 5.3
CVE-2017-3180
MEDIUM
TIBCO Spotfire Products - Cross-Site Scripting
CVSS 5.4
CVE-2017-7481
CRITICAL
Ansible <2.3.1.0-2.4.0.0 - Code Injection
CVSS 9.8
Details
Vulnerabilities
12,599
Exploit Likelihood
High