The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,622 vulnerabilities with CWE-20
CVE-2017-11346
CRITICAL
ManageEngine Desktop Central < 10.0 - Remote Code Execution via Help Desk Video Upload
CVSS 9.8
CVE-2017-11342
HIGH
libsass 3.4.5 - Denial of Service via Illegal Address Access in ast.cpp
CVSS 7.5
CVE-2017-11340
MEDIUM
Exiv2 0.26 - Denial of Service via XmpParser::terminate() Segmentation Fault
CVSS 6.5
CVE-2017-10605
HIGH
Juniper Junos OS 12.1X46 < D67, 12.3X48 < D50, 15.1X49 < D91/D100 - Denial of Service via Crafted DHCP Packet
CVSS 8.6
CVE-2017-1000048
HIGH
ljharb's qs module <6.3.2 - DoS
CVSS 7.5
CVE-2017-1000039
CRITICAL
Framadate 1.0 - Info Disclosure, Code Execution
CVSS 9.8
CVE-2017-1000018
HIGH
phpMyAdmin 4.0-4.0.10.18, 4.6-4.6.5 - Denial of Service via Replication Status Table Name
CVSS 7.5
CVE-2017-1000016
HIGH
phpMyAdmin 4.6.0-4.6.5 - Arbitrary Cookie Injection via Improper Input Validation
CVSS 7.5
CVE-2017-1000014
HIGH
phpMyAdmin 4.0, 4.4, 4.6 - Denial of Service in Table Editing Functionality
CVSS 7.5
CVE-2017-1000001
HIGH
FedMsg < 0.18.1 - Improper Input Validation
CVSS 7.5
CVE-2017-9788
CRITICAL
Apache httpd <2.2.34 & 2.4.x <2.4.27 - Info Disclosure
CVSS 9.1
CVE-2017-7672
MEDIUM
Apache Struts 2.5.0-2.5.10.1 - Denial of Service via URLValidator
CVSS 5.9
CVE-2017-1285
MEDIUM
IBM WebSphere MQ 9.0.1-9.0.2 - Authenticated Denial of Service via Crafted Message
CVSS 6.5
CVE-2017-8611
MEDIUM
Microsoft Edge - Spoofing via Crafted Web Content
CVSS 6.5
CVE-2017-8602
MEDIUM
Microsoft Edge and Internet Explorer - Spoofing via HTTP Content Parsing
CVSS 6.5
CVE-2017-8599
MEDIUM
Microsoft Edge - Security Feature Bypass via Improper CSP Validation
CVSS 6.5
CVE-2017-8585
HIGH
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 - Denial of Service via Specially Crafted Requests
CVSS 7.5
CVE-2017-8566
HIGH
Microsoft Windows 1607, 1703, and Windows Server 2016 - Elevation of Privilege via IME DCOM Method
CVSS 7.0
CVE-2017-7730
HIGH
iSmartAlarm CubeOne Firmware - Denial of Service via SYN Flood on Port 12345
CVSS 7.5
CVE-2017-6735
MEDIUM
Cisco FireSIGHT System Software 6.2.0-6.2.1 - Authenticated Remote Code Execution via Backup and Restore Functionality
CVSS 6.7
CVE-2017-6727
MEDIUM
Cisco Wide Area Application Services 6.2(3a) - Unauthenticated Denial of Service via SMB Protocol
CVSS 5.3
CVE-2017-9791
CRITICAL
KEV
Apache Struts 2.1.x and 2.3.x - Remote Code Execution via ActionMessage Field Value
CVSS 9.8
CVE-2017-11112
HIGH
ncurses 6.0 - Denial of Service via Terminfo Data Parsing
CVSS 7.5
CVE-2017-11104
MEDIUM
Knot DNS < 2.4.5 and 2.5.x < 2.5.2 - TSIG Authentication Bypass via Improper Validity Period Check
CVSS 5.9
CVE-2017-11102
HIGH
GraphicsMagick 1.3.26 - Denial of Service via Zero-Length JNG Color Image
CVSS 7.5
Details
Vulnerabilities
12,622
Exploit Likelihood
High