The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,622 vulnerabilities with CWE-20
CVE-2017-10952
HIGH
Foxit Reader 8.2.0.2051 - Arbitrary File Write via saveAs JavaScript Function
CVSS 8.8
CVE-2017-13735
HIGH
LibRaw 0.18.2 - Denial of Service via Floating Point Exception in kodak_radc_load_raw
CVSS 7.5
CVE-2017-13685
MEDIUM
SQLite 3.20.0 - Denial of Service via Crafted File
CVSS 5.5
CVE-2017-2254
MEDIUM
Cybozu Garoon 3.5.0-4.2.5 - Denial of Service via Application Menu Edit Function
CVSS 4.9
CVE-2017-13709
HIGH
FlightGear - Arbitrary File Write via Global Property Tree Manipulation
CVSS 7.5
CVE-2017-12595
HIGH
qpdf 6.0.0 and 7.0.b1 - Denial of Service via Deep PDF Data Structure
CVSS 7.8
CVE-2017-13692
HIGH
Tidy 5.5.31 - Denial of Service via Invalid ISALNUM Argument
CVSS 7.5
CVE-2017-13147
HIGH
GraphicsMagick 1.3.26 - Denial of Service via MNG MEND Chunk Length Handling
CVSS 8.8
CVE-2017-13145
MEDIUM
ImageMagick < 6.9.8-8 and 7.x < 7.0.5-9 - Denial of Service via JP2 Channel Geometry Validation
CVSS 6.5
CVE-2017-13144
MEDIUM
ImageMagick < 6.9.7-9 - Denial of Service via Large Image Dimensions
CVSS 6.5
CVE-2017-12843
MEDIUM
Cyrus IMAP < 3.0.3 - Authenticated Arbitrary File Write via SYNCAPPLY, SYNCGET, or SYNCRESTORE Command
CVSS 6.5
CVE-2017-13061
MEDIUM
ImageMagick 7.0.6-5 - Denial of Service via ReadPSDLayersInternal Length Validation
CVSS 6.5
CVE-2017-12784
HIGH
Youngzsoft CC File Transfer 3.6 - Unauthenticated Denial of Service via Malformed HTTP Request Header
CVSS 7.5
CVE-2017-12976
HIGH
git-annex < 6.20170520 - Remote Code Execution via SSH URL Hostname Injection
CVSS 8.8
CVE-2017-12961
HIGH
GNU PSPP - Denial of Service via Assertion Abort in parse_attributes Function
CVSS 7.5
CVE-2017-8260
HIGH
Qualcomm Android Kernel - Out-of-Bounds Write via Type Downcast Validation Bypass
CVSS 7.8
CVE-2017-12859
MEDIUM
NetApp Data ONTAP < 8.2.4 - Denial of Service in 7-Mode NFS Environment
CVSS 5.9
CVE-2017-12939
CRITICAL
Unity Editor < 5.3.8p2, 5.4.x < 5.4.5p5, 5.5.x < 5.5.4p3, 5.6.x < 5.6.3p1, 2017.x < 2017.1.0p4 - Remote Code Execution
CVSS 9.8
CVE-2017-6785
MEDIUM
Cisco Unified Communications Manager - Privilege Escalation
CVSS 4.3
CVE-2017-6773
MEDIUM
Cisco ASR 5000 Series StarOS 21.0.v0.65839 - Authenticated Command Injection via CLI Input Sanitization Bypass
CVSS 6.7
CVE-2017-12426
HIGH
GitLab CE/EE <8.17.8, <9.0.13, <9.1.10, <9.2.10, <9.3.10, <9.4.4 - RCE
CVSS 8.8
CVE-2017-9800
CRITICAL
Subversion <1.8.19, 1.9.x <1.9.7, 1.10.0.x <=1.10.0-alpha3 - RCE
CVSS 9.8
CVE-2017-3752
HIGH
IBM and Lenovo Fabric Firmware - OSPF Routing Table Manipulation via Improper Input Validation
CVSS 8.2
CVE-2017-0724
MEDIUM
Android 6.0 6.0.1 7.0 7.1.1 7.1.2 - Denial of Service in Media Framework
CVSS 5.5
CVE-2017-0721
HIGH
Android 6.0 6.0.1 7.0 7.1.1 7.1.2 - Remote Code Execution in libmpeg2
CVSS 7.8
Details
Vulnerabilities
12,622
Exploit Likelihood
High