The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,621 vulnerabilities with CWE-20
CVE-2017-12197
MEDIUM
libpam4j <= 1.8 - Authentication Bypass via Disabled Account Validation
CVSS 6.5
CVE-2017-5699
MEDIUM
Intel MinnowBoard 3 Firmware < 0.65 - Denial of Service via UEFI API Input Validation Error
CVSS 5.5
CVE-2017-17429
MEDIUM
K7 Antivirus Premium < 15.1.0.53 - Unauthenticated Raw Disk Access via K7Sentry IOCTL
CVSS 5.5
CVE-2017-16556
MEDIUM
K7 Antivirus Premium <15.1.0.53 - Memory Corruption
CVSS 5.5
CVE-2017-13214
HIGH
Android - Denial of Service via Hardware HEVC Decoder
CVSS 7.5
CVE-2017-13198
HIGH
Android 7.0-8.1 - Denial of Service via Frame Composition Without Color Map
CVSS 7.5
CVE-2017-13194
HIGH
Android 7.0-8.1 - Denial of Service via Odd Frame Width in libvpx
CVSS 7.5
CVE-2017-13186
HIGH
Android 7.0-8.1 - Denial of Service via libavc mmco Parameter Mishandling
CVSS 7.5
CVE-2017-13176
HIGH
Android 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 - Remote Elevation of Privilege via URLStreamHandler Host Field
CVSS 8.8
CVE-2017-2158
LOW
Lhaplus < 1.7.3 - Unintended File Extraction via ZIP64 Archive Expansion
CVSS 3.3
CVE-2017-15845
HIGH
Android - Memory Leak or Buffer Overflow via Invalid WLAN Cal Data Firmware Size
CVSS 7.8
CVE-2017-15124
HIGH
QEMU < 2.11.0 - Denial of Service via Unbounded VNC Framebuffer Updates
CVSS 7.5
CVE-2017-16753
HIGH
Advantech WebAccess <8.3 - Info Disclosure
CVSS 7.5
CVE-2017-8046
CRITICAL
Spring Data REST < 2.6.9 and Spring Boot < 1.5.9 - Remote Code Execution via Malicious PATCH Request
CVSS 9.8
CVE-2017-18020
HIGH
Samsung Mobile L(5.x)-N(7.x) with Exynos - Arbitrary Code Execution in Bootloader via Ramfs Data Copy
CVSS 8.4
CVE-2017-18019
HIGH
K7 Total Security < 15.1.0.305 - Arbitrary Memory Read via K7Sentry Device Input
CVSS 7.1
CVE-2017-1000469
CRITICAL
cobbler < 2.8.2 - OS Command Injection via Add Repo Component
CVSS 9.8
CVE-2017-1000423
CRITICAL
b2evolution 6.6.0-6.8.10 - Unauthenticated Remote Code Execution via Input Validation Bypass
CVSS 9.8
CVE-2017-17967
MEDIUM
Kingsoft WPS Office 10.1.0.6930 - Denial of Service via Crafted PPT File
CVSS 5.5
CVE-2017-17952
HIGH
PHP Multivendor Ecommerce - Predictable Registration URL for Spoofed Email Registration
CVSS 8.6
CVE-2017-15667
HIGH
Flexense SysGauge Server 3.6.18 - Denial of Service via Crafted SERVER_GET_INFO Packet
CVSS 7.5
CVE-2017-13056
HIGH
PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution via Crafted PDF File
CVSS 7.8
CVE-2017-7154
MEDIUM
Apple <11.2 - Privilege Escalation/DoS
CVSS 6.6
CVE-2017-17862
MEDIUM
Linux Kernel < 4.14.8 - Denial of Service via BPF Verifier Branch Pruning Logic
CVSS 5.5
CVE-2017-17850
HIGH
Asterisk < 13.18.4, < 14.7.4, < 15.1.4, and < 13.18-cert1 - Denial of Service via Missing Contact Header in SIP Messages
CVSS 7.5
Details
Vulnerabilities
12,621
Exploit Likelihood
High