The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,622 vulnerabilities with CWE-20
CVE-2017-2709
MEDIUM
HiGame < 7.3.0 and SkyTone < 8.1.1 - Denial of Service via Malformed Packet Input
CVSS 5.5
CVE-2017-11402
CRITICAL
Belden Tofino Xenon Security Appliance Firmware < 3.1.0 - Firewall Bypass via OPC Dynamic Port Shift
CVSS 9.8
CVE-2017-1000230
HIGH
Snap7 Server 1.4.1 - Denial of Service via ReadVar/WriteVar ItemCount Field
CVSS 7.5
CVE-2017-16845
CRITICAL
Qemu < 2.11.2 - Out-of-Bounds Access in PS2 Migration Handler
CVSS 10.0
CVE-2017-13703
HIGH
MOXA EDS-G512E 5.1 build 16072215 - Denial of Service
CVSS 7.5
CVE-2017-1000169
CRITICAL
QuickerBB <= 0.7.2 - Arbitrary File Write and Remote Code Execution
CVSS 9.8
CVE-2017-1000247
HIGH
CodeIgniter 3.1.3 - HTTP Header Injection via set_status_header()
CVSS 7.5
CVE-2017-1000228
CRITICAL
ejs < 2.5.3 - Remote Code Execution via Weak Input Validation in ejs.renderFile()
CVSS 9.8
CVE-2017-1000189
HIGH
ejs < 2.5.5 - Denial of Service via Weak Input Validation in ejs.renderFile()
CVSS 7.5
CVE-2017-1000201
MEDIUM
tcmu-runner 1.0.5-1.2.0 - Local Denial of Service
CVSS 5.5
CVE-2017-0858
HIGH
Android 7.0 7.1.1 7.1.2 8.0 - Remote Code Execution in Media Framework
CVSS 7.5
CVE-2017-11027
HIGH
Android for MSM - Uninitialized Data Access via UBI Image Flashing
CVSS 7.8
CVE-2017-4931
HIGH
VMware AirWatch Console <9.2.0 - Privilege Escalation
CVSS 7.8
CVE-2017-12313
MEDIUM
Cisco Network Academy Packet Tracer - Code Injection
CVSS 6.7
CVE-2017-12312
MEDIUM
Cisco Advanced Malware Protection for Endpoints - Authenticated DLL Hijacking via Untrusted Search Path
CVSS 6.7
CVE-2017-12311
MEDIUM
Cisco Meeting Server - Denial of Service via Malformed H.264 Frame
CVSS 5.8
CVE-2017-12300
MEDIUM
Cisco Firepower System Software - Auth Bypass
CVSS 5.8
CVE-2017-12299
MEDIUM
Cisco ASA Next-Generation Firewall Services - SSRF
CVSS 5.3
CVE-2017-16837
HIGH
Trusted Boot through 1.9.6 - Arbitrary Code Execution via Unvalidated Function Pointers
CVSS 7.8
CVE-2017-15270
MEDIUM
psftpd 10.0.4 Build 729 - Log Injection via CSV Escape Bypass
CVSS 5.3
CVE-2017-14961
HIGH
IKARUS anti.virus 2.16.7 - Arbitrary Write via ntguard.sys IOCtl 0x8300000c
CVSS 7.8
CVE-2017-8815
HIGH
MediaWiki < 1.27.4, 1.28.x < 1.28.3, 1.29.x < 1.29.2 - Attribute Injection via Language Converter Glossary Rules
CVSS 7.5
CVE-2017-8814
HIGH
MediaWiki < 1.27.4, 1.28.x < 1.28.3, 1.29.x < 1.29.2 - Text Injection via Language Converter Rule Definition
CVSS 7.5
CVE-2017-8811
MEDIUM
MediaWiki < 1.27.4, 1.28.x < 1.28.3, 1.29.x < 1.29.2 - HTML Mangling via Raw Message Parameter Expansion
CVSS 6.1
CVE-2017-11863
MEDIUM
Microsoft Edge - Security Feature Bypass via CSP Validation
CVSS 6.1
Details
Vulnerabilities
12,622
Exploit Likelihood
High