The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,620 vulnerabilities with CWE-20
CVE-2017-7764
MEDIUM
Firefox < 54 and Firefox ESR < 52.2 - Domain Spoofing via Canadian Syllabics Unicode Mixing
CVSS 5.3
CVE-2017-7763
MEDIUM
Firefox < 54 and Firefox ESR < 52.2 - Domain Spoofing via Tibetan Character Whitespace Rendering
CVSS 5.3
CVE-2017-7762
HIGH
Redhat Enterprise Linux Desktop < 54.0 - Improper Input Validation
CVSS 7.5
CVE-2017-5463
MEDIUM
Firefox < 53.0 - Address Bar Spoofing via Android Intent
CVSS 5.3
CVE-2017-5453
MEDIUM
Firefox < 53.0 - HTML Injection via RSS Reader Preview Page
CVSS 4.3
CVE-2017-5452
MEDIUM
Firefox < 53.0 - Address Bar Spoofing via Scrolled Location Bar
CVSS 4.3
CVE-2017-5451
MEDIUM
Redhat Enterprise Linux < 53.0 - Improper Input Validation
CVSS 4.3
CVE-2017-5450
HIGH
Firefox < 53.0 - Address Bar Spoofing via JavaScript URI
CVSS 7.5
CVE-2017-5449
HIGH
Redhat Enterprise Linux < 52.1.0 - Improper Input Validation
CVSS 7.5
CVE-2017-5422
HIGH
Firefox < 52.0 - Denial of Service via view-source Protocol Hyperlink
CVSS 7.5
CVE-2017-5421
HIGH
Firefox < 52.0 - Spoofing via Print Preview Window
CVSS 7.5
CVE-2017-5420
MEDIUM
Firefox < 52.0 - Address Bar Spoofing via JavaScript URL Obfuscation
CVSS 6.5
CVE-2017-5417
MEDIUM
Firefox < 52.0 - Address Bar Spoofing via Drag-and-Drop Content Manipulation
CVSS 5.3
CVE-2017-5415
MEDIUM
Firefox < 52.0 - Address Bar Spoofing via Blob URL
CVSS 5.3
CVE-2017-5395
MEDIUM
Firefox < 51.0 - Location Bar Spoofing via Timed Page Navigation
CVSS 4.3
CVE-2017-5383
MEDIUM
Firefox <51 - Info Disclosure
CVSS 5.3
CVE-2017-16226
CRITICAL
static-eval < 2.0.0 - Remote Code Execution via Global Function Constructor Access
CVSS 9.8
CVE-2017-16113
HIGH
parsejson < 0.0.3 - Regular Expression Denial of Service via Untrusted Input
CVSS 7.5
CVE-2017-7653
MEDIUM
Eclipse Mosquitto < 1.4.15 - Denial of Service via Invalid UTF-8 Topic String
CVSS 5.3
CVE-2017-16026
MEDIUM
Request 2.2.6-2.47.0, 2.51.0-2.67.0 - Memory Corruption
CVSS 5.9
CVE-2017-16023
HIGH
decamelize 1.1.0-1.1.1 - Denial of Service via Unescaped Separator Values
CVSS 7.5
CVE-2017-16013
HIGH
hapi 15.0.0-16.1.0 - Denial of Service via Malformed Accept-Encoding Header
CVSS 7.5
CVE-2017-16005
HIGH
joyent/http-signature <=0.9.11 - Header Forgery via Unsigned Header Names
CVSS 7.5
CVE-2017-17171
MEDIUM
Huawei Mate 8, P9, and P9 Plus Firmware - Denial of Service via Malicious APK Parameters
CVSS 4.2
CVE-2017-17315
MEDIUM
Huawei DP300, RP200, TE30, TE40, TE50, TE60 Firmware - Denial of Service via SCCP Message Handling
CVSS 5.3
Details
Vulnerabilities
12,620
Exploit Likelihood
High