The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,634 vulnerabilities with CWE-20
CVE-2015-3204
libreswan 3.9-3.12 - Denial of Service via Malformed IKEv1 Packet
CVE-2015-1942
IBM Tivoli Storage Manager FastBack 6.1 - Remote Code Execution via Crafted TCP Packet
CVE-2015-3237
cURL & libcurl <7.43 - Info Disclosure/DoS
CVE-2015-3234
Drupal 6.x < 6.36 and 7.x < 7.38 - Unauthenticated Account Takeover via OpenID Provider Spoofing
CVE-2015-4197
Cisco NX-OS 5.2(5) - Denial of Service via Malformed LLDP Packet
CVE-2015-4201
Cisco ASR 5000 Series Software 17.2.0.59184 and 18.0.L0.59219 - Denial of Service via Invalid TCP/IP Header
CVE-2015-3318
CA Common Services - Privilege Escalation
CVE-2015-4393
Services module 7.x-3.x < 7.x-3.12 - Authenticated Remote Code Execution via Crafted Filename
CVE-2015-2962
CGI RESCUE BloBee <= 1.20 - Arbitrary File Write and Remote Code Execution
CVE-2015-2341
VMware Fusion 6.x-7.x and Player 6.x - Denial of Service via Crafted RPC Command
CVE-2015-4184
Cisco Email Security Appliance - Anti-Spam Scanner Bypass via Malformed DNS SPF Record
CVE-2015-4148
Apple Mac OS X < 10.10.4 - Improper Input Validation
CVE-2015-3330
PHP <5.4.40, <5.5.24, <5.6.8 - DoS
CVE-2015-0770
Cisco TelePresence TC <6.3.4-7.3.3 - CRLF Injection
CVE-2015-2951
f21/jwt < 1.0 - Signature Verification Bypass via Crafted Tokens
CVE-2015-0760
Cisco ASA 7.x-8.2.x < 8.2.2.13 Authenticated XAUTH Bypass via IKEv1
CVE-2015-0850
FusionForge < 6.0 - Remote Code Execution via Git Plugin Secondary Repository Creation
CVE-2015-0759
Cisco Headend Digital Broadband Delivery System - Cross-Site Request Forgery
CVE-2015-2854
Blue Coat SSL Visibility Appliance < 3.8.4 Clickjacking via Missing X-Frame-Options Header
CVE-2015-0747
Cisco Videoscape Conductor 3.0 and Headend System Release - Arbitrary Cookie Injection via HTTP Request
CVE-2015-3994
SAP HANA - Authenticated Log Spoofing via grant.xsfunc Application
CVE-2015-1833
Apache Jackrabbit XML External Entity Injection via WebDAV Request
CVE-2015-0756
Cisco Wireless LAN Controller 7.4(1.1) - Denial of Service via Crafted TCP Traffic
CVE-2015-0754
Cisco Finesse 10.5(1) - Authenticated Denial of Service via Crafted XML Document
CVE-2015-0753
Cisco Unified Email and Web Interaction Manager 9.0(2) - SQL Injection
Details
Vulnerabilities
12,634
Exploit Likelihood
High