The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,622 vulnerabilities with CWE-20
CVE-2017-8682
HIGH
Microsoft Office 2007 - Improper Input Validation
CVSS 8.8
CVE-2017-1519
MEDIUM
IBM DB2 10.5-11.1 - Denial of Service
CVSS 5.9
CVE-2017-14344
HIGH
Jungos WinDriver <12.4.0 - Privilege Escalation
CVSS 7.8
CVE-2017-14335
HIGH
Beijing Hanbang Hanbanggaoke - Info Disclosure
CVSS 7.5
CVE-2017-14231
MEDIUM
GeniXCMS < 1.1.0 - Denial of Service via Username Substring Handling
CVSS 5.3
CVE-2017-14230
CRITICAL
Cyrus IMAP <3.0.4 - Info Disclosure
CVSS 9.1
CVE-2017-6795
MEDIUM
Cisco IOS XE - Privilege Escalation
CVSS 4.4
CVE-2017-6794
MEDIUM
Cisco Meeting Server - Command Injection
CVSS 6.7
CVE-2017-6792
MEDIUM
Cisco Prime Collaboration Provisioning Tool - Privilege Escalation
CVSS 6.5
CVE-2017-12223
MEDIUM
Cisco IR800 Router Firmware - Unauthenticated RCE via ROMMON Variable Manipulation
CVSS 6.4
CVE-2017-12218
MEDIUM
Cisco AsyncOS Software - Info Disclosure
CVSS 5.8
CVE-2017-12217
MEDIUM
Cisco ASR 5500 System Architecture Evolution Gateway - Denial of Service via GPRS Tunneling Protocol Packet Header
CVSS 5.3
CVE-2017-14169
HIGH
FFmpeg 2.4-3.3.3 - Integer Signedness Error in MXF Primer Pack Parser
CVSS 8.8
CVE-2017-14098
HIGH
Asterisk 13.x < 13.17.1 and 14.x < 14.6.1 - Denial of Service via Crafted PJSIP tel URI
CVSS 7.5
CVE-2017-12874
HIGH
SimpleSAMLphp InfoCard Module < 1.0.1 - XML Signature Validation Spoofing
CVSS 7.5
CVE-2017-14105
HIGH
HiveManager Classic through 8.1r1 - Authenticated Arbitrary JSP Code Execution via Backup Archive Restore
CVSS 7.8
CVE-2017-3898
MEDIUM
McAfee LiveSafe <16.0.3 - Privilege Escalation
CVSS 5.9
CVE-2017-12869
HIGH
SimpleSAMLphp < 1.14.13 - Authentication Bypass via Multiauth Module Input Validation
CVSS 7.5
CVE-2017-0901
HIGH
RubyGems < 2.6.13 - Arbitrary File Write via Specification Name Validation Bypass
CVSS 7.5
CVE-2017-0900
HIGH
RubyGems < 2.6.12 - Denial of Service via Malicious Gem Specification
CVSS 7.5
CVE-2017-14063
HIGH
async-http-client < 2.0.35 - Server-Side Request Forgery via Fragment Identifier
CVSS 7.5
CVE-2017-9945
MEDIUM
Siemens 7KM PAC Switched Ethernet PROFINET Expansion Module < V2.1.3 - DoS via PROFINET DCP Broadcast
CVSS 6.5
CVE-2017-13767
HIGH
Wireshark 2.4.0 2.2.0-2.2.8 2.0.0-2.0.14 - Denial of Service via MSDP Dissector Infinite Loop
CVSS 7.5
CVE-2017-1428
MEDIUM
IBM Cognos Analytics 11.0 - Clickjacking via Malicious Web Site
CVSS 6.1
CVE-2017-12775
HIGH
Question2Answer < 1.7.4 - Unauthenticated User Account Creation via qa-install.php
CVSS 7.5
Details
Vulnerabilities
12,622
Exploit Likelihood
High