The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,622 vulnerabilities with CWE-20
CVE-2017-2461
HIGH
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Denial of Service in CoreText
CVSS 7.5
CVE-2017-2453
MEDIUM
Safari < 10.1 - User Interface Spoofing via Crafted Web Site
CVSS 6.5
CVE-2017-2442
MEDIUM
Safari < 10.1 - Same Origin Policy Bypass via WebKit JavaScript Bindings
CVSS 6.5
CVE-2017-2434
CRITICAL
iPhone OS < 10.3 - Improper Input Validation in HomeKit
CVSS 9.8
CVE-2017-2414
MEDIUM
iPhone OS < 10.3 - Unauthenticated Exchange Traffic Exposure via Email Address Typo
CVSS 5.3
CVE-2017-2410
HIGH
macOS < 10.12.4 - Remote Code Execution in Kernel
CVSS 7.8
CVE-2017-2378
HIGH
Apple <10.3 - Remote Code Execution
CVSS 8.8
CVE-2017-7394
HIGH
TigerVNC 1.7.1 - Unauthenticated Denial of Service via Long Username
CVSS 7.5
CVE-2017-7346
MEDIUM
Linux Kernel < 4.10.7 - Denial of Service via vmw_gb_surface_define_ioctl
CVSS 5.5
CVE-2017-5185
HIGH
NetIQ Sentinel Server 8.0 - Remote Denial of Service
CVSS 7.5
CVE-2017-5226
CRITICAL
bubblewrap < 0.1.5 - Sandbox Escape via TIOCSTI ioctl
CVSS 10.0
CVE-2017-7301
HIGH
GNU Binutils <2.28 - Buffer Overflow
CVSS 7.5
CVE-2017-7183
HIGH
ExtraPuTTY < 0.29 - Denial of Service via Large TFTP Message
CVSS 7.5
CVE-2017-6464
MEDIUM
NTP < 4.2.8p10 and 4.3.x < 4.3.94 - Denial of Service via Malformed Mode Configuration Directive
CVSS 6.5
CVE-2017-6463
MEDIUM
NTP < 4.2.8p10 and 4.3.x < 4.3.94 - Authenticated Denial of Service via Invalid :config Directive
CVSS 6.5
CVE-2017-5932
HIGH
Bash 4.4 - Privilege Escalation via Path Autocompletion
CVSS 7.8
CVE-2017-7262
MEDIUM
AMD Ryzen < 2017-01-27 - Denial of Service via FMA3 Instruction Sequence
CVSS 5.5
CVE-2017-7261
MEDIUM
Linux Kernel < 4.10.5 - Denial of Service via vmw_surface_define_ioctl Zero-Size Pointer Dereference
CVSS 5.5
CVE-2017-7235
HIGH
cloudflare-scrape 1.6.6-1.7.1 - Remote Code Execution via Malicious Website
CVSS 8.8
CVE-2017-3858
HIGH
Cisco IOS XE 16.2.1 - Authenticated Remote Code Execution via HTTP Parameter Injection
CVSS 8.8
CVE-2017-3852
HIGH
Cisco IOx 1.0.0.0-1.1.0.0 - Authenticated Arbitrary File Write via Malicious Application Package
CVSS 8.1
CVE-2017-3850
MEDIUM
Cisco IOS 15.4-15.6 and IOS XE 3.7-3.18, 16 - Unauthenticated Denial of Service via Crafted IPv6 Packet
CVSS 5.9
CVE-2017-3849
HIGH
Cisco IOS - Unauthenticated Denial of Service via Crafted Autonomic Network Channel Discovery Packet
CVSS 7.4
CVE-2017-6837
MEDIUM
audiofile 0.3.6 - Denial of Service via Large Number of Coefficients in WAVE.cpp
CVSS 5.5
CVE-2017-3881
CRITICAL
KEV
Cisco - Remote Code Execution
CVSS 9.8
Details
Vulnerabilities
12,622
Exploit Likelihood
High