The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,622 vulnerabilities with CWE-20
CVE-2017-7522
MEDIUM
OpenVPN < 2.4.3 and < 2.3.17 - Authenticated Denial of Service via Certificate with Embedded NULL Character
CVSS 6.5
CVE-2017-6662
HIGH
Cisco Prime Infrastructure 1.1-3.1.6 & Evolved Programmable Network Manager 1.2-2.1 - Authenticated RCE via XXE
CVSS 8.0
CVE-2017-9773
MEDIUM
Horde_Image 2.x - Denial of Service via Null Image Driver
CVSS 5.7
CVE-2017-9778
MEDIUM
GDB < 8.0 - Denial of Service via Negative DWARF Section Length
CVSS 5.5
CVE-2017-3098
CRITICAL
Adobe Captivate <= 9 - Remote Code Execution and Arbitrary File Write via Quiz Reporting Feature
CVSS 9.8
CVE-2017-9741
CRITICAL
ProjectSend r754 - Remote Code Execution via dbprefix Parameter
CVSS 9.8
CVE-2017-9675
HIGH
D-Link DIR-605L <2.08UIBetaB01.bin - DoS
CVSS 7.5
CVE-2017-8555
MEDIUM
Microsoft Edge - Security Feature Bypass via Improper CSP Validation
CVSS 4.3
CVE-2017-8545
MEDIUM
Microsoft Outlook for Mac - Spoofing via Improper HTML Sanitization
CVSS 6.5
CVE-2017-7676
CRITICAL
Apache Ranger <0.7.1 - Path Traversal
CVSS 9.8
CVE-2017-7369
HIGH
Android - Kernel Stack Corruption via ALSA Array Index Validation
CVSS 7.8
CVE-2017-7366
MEDIUM
Android <Linux Kernel - Buffer Overflow
CVSS 5.5
CVE-2017-6690
MEDIUM
Cisco ASR 5000 Series StarOS - Authenticated Arbitrary File Write via File Check Operation
CVSS 4.9
CVE-2017-6680
HIGH
Cisco Ultra Services Framework 21.0.0 - Unauthenticated Arbitrary Directory Creation via AutoVNF Logging Function
CVSS 7.5
CVE-2017-6674
HIGH
Cisco Firepower System Software 6.0.1-6.2.1 - Unauthenticated URL Filter Bypass via Feature-License Management
CVSS 7.5
CVE-2017-6671
HIGH
Cisco Email Security Appliance - Unauthenticated Filter Bypass via Email Message Scanning
CVSS 7.5
CVE-2017-6667
CRITICAL
Cisco Context Service SDK - Unauthenticated Remote Code Execution via Dynamic JAR File Update
CVSS 9.8
CVE-2017-6656
MEDIUM
Cisco IP Phone 8800 Series - Unauthenticated Denial of Service via SIP Call Handling
CVSS 5.9
CVE-2017-4994
HIGH
Cloud Foundry Foundation cf-release <v263 - Info Disclosure
CVSS 7.5
CVE-2017-2773
CRITICAL
PCF Elastic Runtime <1.6.60/1.7.41/1.8.23/1.9.1 - Unauthenticated JWT Impersonation
CVSS 9.8
CVE-2017-2179
HIGH
AppGoat < 3.0.2 - Remote Code Execution
CVSS 8.8
CVE-2017-9022
HIGH
strongSwan < 5.5.3 - Denial of Service via RSA Public Key Validation in gmp Plugin
CVSS 7.5
CVE-2017-6638
HIGH
Cisco AnyConnect Secure Mobility Client < 4.4.02034 - Authenticated Local Privilege Escalation via DLL Hijacking
CVSS 7.8
CVE-2017-7564
HIGH
ARM Trusted Firmware <= 1.3 - Denial of Service via Debug Exception Handling
CVSS 7.5
CVE-2017-1000368
HIGH
Todd Miller's sudo <1.8.20p1 - Info Disclosure, Command Injection
CVSS 8.2
Details
Vulnerabilities
12,622
Exploit Likelihood
High