The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,622 vulnerabilities with CWE-20
CVE-2017-0712
HIGH
Android <7.1.2 - Privilege Escalation
CVSS 7.8
CVE-2017-1357
MEDIUM
IBM Maximo Asset Mgmt <7.6 - Privilege Escalation
CVSS 4.3
CVE-2017-5695
MEDIUM
Intel SSD 540s/Pro 5400s/E 5400s Firmware - Data Corruption via Improper Input Validation
CVSS 4.6
CVE-2017-8664
HIGH
Windows Hyper-V - Remote Code Execution via Improper Input Validation
CVSS 8.8
CVE-2017-8623
MEDIUM
Windows Hyper-V (>=Windows 10 1607, 1703, and Windows Server 2016) - Denial of Service via Improper Input Validation
CVSS 6.8
CVE-2017-9938
HIGH
SIMATIC Logon < V1.6 - Denial of Service via Crafted Packets to Remote Access Service
CVSS 7.5
CVE-2017-12676
MEDIUM
ImageMagick 7.0.6-3 - Denial of Service via Memory Leak in ReadOneJNGImage
CVSS 6.5
CVE-2017-12670
MEDIUM
ImageMagick 7.0.6-3 - Denial of Service via Missing Validation in MAT Coder
CVSS 6.5
CVE-2017-9801
HIGH
Apache Commons Email <1.5 - Info Disclosure
CVSS 7.5
CVE-2017-6770
MEDIUM
Cisco NX-OS 4.0-12.0 - Unauthenticated OSPF Routing Table Manipulation via Crafted LSA Type 1 Packets
CVSS 4.2
CVE-2017-6763
HIGH
Cisco Meeting Server 2.1.4 - Unauthenticated Denial of Service via H.264 FU-A Packet
CVSS 7.5
CVE-2017-6759
MEDIUM
Cisco Prime Collaboration Provisioning Tool 12.1 - Authenticated Arbitrary File Write via Upgrade Package Installation
CVSS 6.5
CVE-2017-11394
CRITICAL
Trend Micro OfficeScan 11 and XG (12) - Remote Code Execution via Proxy.php T Parameter
CVSS 9.8
CVE-2017-11393
CRITICAL
Trend Micro OfficeScan 11 and XG (12) - Remote Code Execution via Proxy.php tr Parameter
CVSS 9.8
CVE-2017-8390
CRITICAL
PAN-OS < 6.1.18, 7.x < 7.0.16, 7.1.x < 7.1.11, 8.x < 8.0.3 - Remote Code Execution via DNS Proxy
CVSS 9.8
CVE-2017-12145
MEDIUM
libquicktime 1.2.4 - Denial of Service via Crafted File in quicktime_read_ftyp
CVSS 6.5
CVE-2017-12143
MEDIUM
libquicktime 1.2.4 - Denial of Service via Crafted File in quicktime_read_info
CVSS 6.5
CVE-2017-8571
HIGH
Microsoft Outlook 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016 - Security Feature Bypass via Input Handling
CVSS 7.8
CVE-2017-1460
HIGH
IBM i 6.1-7.3 - Denial of Service via OSPF LSA Spoofing
CVSS 7.5
CVE-2017-9497
MEDIUM
Motorola MX011ANM - Command Injection
CVSS 6.8
CVE-2017-6256
HIGH
NVIDIA Windows GPU Display Driver - Denial of Service or Privilege Escalation via DxgkDdiEscape Handler
CVSS 7.8
CVE-2017-6255
HIGH
NVIDIA Windows GPU Display Driver - Denial of Service or Privilege Escalation via DxgkDdiEscape Handler
CVSS 7.8
CVE-2017-6254
HIGH
NVIDIA Windows GPU Display Driver - DoS or Privilege Escalation via DxgkDdiEscape Handler
CVSS 7.8
CVE-2017-11183
MEDIUM
GLPI < 9.1.4 - Authenticated Arbitrary File Deletion via Backup File Parameter
CVSS 4.9
CVE-2017-11665
HIGH
FFmpeg 3.3.2 - Denial of Service via Crafted RTMP Stream
CVSS 7.5
Details
Vulnerabilities
12,622
Exploit Likelihood
High