The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,622 vulnerabilities with CWE-20
CVE-2017-9046
HIGH
Pegasus Mail <4.72 build 572 - Code Injection
CVSS 7.3
CVE-2017-9091
HIGH
Allen Disk 1.6 - CAPTCHA Bypass via Empty Captcha Parameter
CVSS 7.5
CVE-2017-9090
HIGH
Allen Disk 1.6 - CAPTCHA Bypass via Empty POST Parameter
CVSS 7.5
CVE-2017-6652
HIGH
Cisco TelePresence IX5000 Series - Unauthenticated Arbitrary File Read via Directory Traversal
CVSS 7.5
CVE-2017-9065
HIGH
WordPress < 4.7.5 - Unauthenticated Post Meta Data Access via XML-RPC API
CVSS 7.5
CVE-2017-9043
HIGH
GNU Binutils - Denial of Service via Crafted ELF File
CVSS 7.8
CVE-2017-8849
HIGH
smb4k < 2.0.1 - Privilege Escalation via Mount Helper DBUS Service
CVSS 7.8
CVE-2017-5215
CRITICAL
Codextrous B2J Contact <2.1.13 - RCE
CVSS 9.8
CVE-2017-3873
HIGH
Cisco Aironet 1800/2800/3800 Series AP 8.3.102.0 - RCE via PnP Server Response
CVSS 7.5
CVE-2017-3825
HIGH
Cisco TelePresence CE 8.1.1-8.3.1 - Unauthenticated Denial of Service via ICMP Packet
CVSS 7.5
CVE-2017-7478
HIGH
OpenVPN 2.3.12-2.3.14 - Unauthenticated Denial of Service via Large Control Packet
CVSS 7.5
CVE-2017-8934
MEDIUM
PCManFM 1.2.5 - Denial of Service via Insecure /tmp Socket File
CVSS 5.5
CVE-2017-8933
LOW
libmenu-cache 1.0.2 - Denial of Service via Insecure /tmp Socket File
CVSS 3.3
CVE-2017-7213
CRITICAL
Zoho ManageEngine Desktop Central <build 100082 - RCE
CVSS 10.0
CVE-2017-0620
HIGH
Android Kernel <3.18 - Privilege Escalation
CVSS 7.0
CVE-2017-0613
HIGH
Linux Kernel - Elevation of Privilege via Qualcomm Secure Execution Environment Communicator Driver
CVSS 7.0
CVE-2017-0280
MEDIUM
Microsoft Windows SMBv1 - Denial of Service via Crafted Requests
CVSS 5.9
CVE-2017-0273
MEDIUM
Microsoft Windows SMBv1 - Denial of Service via Crafted Requests
CVSS 5.9
CVE-2017-0269
MEDIUM
Microsoft Windows SMBv1 - Denial of Service via Crafted Requests
CVSS 5.9
CVE-2017-0256
MEDIUM
ASP.NET Core MVC - Spoofing via Improper Request Sanitization
CVSS 5.3
CVE-2017-0249
HIGH
ASP.NET Core MVC - Elevation of Privilege via Improper Web Request Sanitization
CVSS 7.3
CVE-2017-0247
HIGH
ASP.NET Core Mvc < 1.0.4 and 1.1.x < 1.1.3 - Denial of Service via Unicode Non-Character Encoding
CVSS 7.5
CVE-2017-0231
MEDIUM
Microsoft Edge and Internet Explorer - Spoofing via SmartScreen Filter Rendering
CVSS 4.3
CVE-2017-0212
HIGH
Windows Hyper-V - Elevation of Privilege via vSMB Packet Data Validation
CVSS 7.6
CVE-2017-0171
MEDIUM
Windows DNS Server - Denial of Service via Version Query Handling
CVSS 5.9
Details
Vulnerabilities
12,622
Exploit Likelihood
High