The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,622 vulnerabilities with CWE-20
CVE-2017-12252
HIGH
Cisco FindIT Network Discovery Utility - DLL Preloading
CVSS 7.8
CVE-2017-12250
MEDIUM
Cisco Wide Area Application Services - Unauthenticated Denial of Service via HTTP Request Input Validation
CVSS 5.3
CVE-2017-12215
HIGH
Cisco AsyncOS - Denial of Service via Email Message Filtering
CVSS 7.1
CVE-2017-12214
HIGH
Cisco Unified Customer Voice Portal 10.5, 11.0, 11.5 - Authenticated Privilege Escalation via OAMP Credential Reset
CVSS 8.8
CVE-2017-14617
HIGH
Poppler 0.59.0 - Denial of Service via Floating Point Exception in ImageStream
CVSS 7.8
CVE-2017-9804
HIGH
Apache Struts 2.3.7-2.3.33, 2.5-2.5.12 - DoS
CVSS 7.5
CVE-2017-9793
HIGH
Apache Struts 2.1.x 2.3.7-2.3.33 2.5-2.5.12 - Denial of Service via Malicious XML Payload
CVSS 7.5
CVE-2017-12611
CRITICAL
Apache Struts 2.0.0-2.3.33 and 2.5-2.5.10.1 - Remote Code Execution via Freemarker Tag Expression
CVSS 9.8
CVE-2017-7924
HIGH
DoS Exploitation of Allen-Bradley
CVSS 7.5
CVE-2017-14604
MEDIUM
GNOME Nautilus <3.23.90 - Info Disclosure
CVSS 6.5
CVE-2017-6315
CRITICAL
Astaro Security Gateway 7 - Remote Code Execution via index.plx Request
CVSS 9.8
CVE-2017-10700
CRITICAL
QNAP QTS - Unauthenticated Remote Code Execution in MediaLibrary Component
CVSS 9.8
CVE-2017-9333
HIGH
OpenWebif 1.2.5 - Remote Code Execution via CallOPKG Function URL Parameter
CVSS 8.8
CVE-2017-14520
HIGH
Poppler 0.59.0 - Denial of Service via Floating Point Exception in Splash::scaleImageYuXd()
CVSS 7.8
CVE-2017-14518
HIGH
Poppler 0.59.0 - Denial of Service via Crafted PDF Document
CVSS 7.8
CVE-2017-14511
HIGH
SAP E-Recruiting <617 - Auth Bypass
CVSS 7.5
CVE-2017-14509
HIGH
SugarCRM < 7.7.2.3, 7.8.x < 7.8.2.2, 7.9.x < 7.9.2.0 - Authenticated Remote File Inclusion via Connectors Module
CVSS 8.8
CVE-2017-14489
MEDIUM
Linux Kernel < 4.13.2 - Denial of Service via iscsi_if_rx Length Validation
CVSS 5.5
CVE-2017-1556
MEDIUM
IBM API Connect 5.0.7.0-5.0.7.2 - Authenticated Denial of Service via Regular Expression Attack
CVSS 6.5
CVE-2017-14430
HIGH
D-Link DIR-850L REV. A FW114WWb07_h2ab_beta1 and REV. B FW208WWb02 - Denial of Service via Crafted LAN Traffic
CVSS 7.5
CVE-2017-8754
MEDIUM
Microsoft Edge - Security Feature Bypass via Content Security Policy Validation
CVSS 4.2
CVE-2017-8723
MEDIUM
Microsoft Edge - Security Feature Bypass via Crafted Document CSP Validation
CVSS 4.3
CVE-2017-8714
HIGH
Windows Hyper-V - Remote Code Execution via Improper Input Validation
CVSS 7.8
CVE-2017-8704
MEDIUM
Windows Hyper-V - Denial of Service via Improper Input Validation
CVSS 5.3
CVE-2017-8699
HIGH
Windows Shell - Remote Code Execution via File Copy Destination Validation
CVSS 7.0
Details
Vulnerabilities
12,622
Exploit Likelihood
High