The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,635 vulnerabilities with CWE-20
CVE-2015-1371
ferretCMS 1.0.4-alpha - Authenticated Remote Code Execution via Unrestricted File Upload
CVE-2015-0578
Cisco Adaptive Security Appliance Software - Denial of Service via Crafted DHCP Packets
CVE-2015-0301
Adobe Flash Player < 13.0.0.260 and 14.x-16.x < 16.0.0.257 - Improper Input Validation
CVE-2015-0582
Cisco NX-OS - Denial of Service via Crafted Traffic
CVE-2015-0563
Opensuse - Improper Input Validation
CVE-2015-0561
Wireshark 1.10.x < 1.10.12 and 1.12.x < 1.12.3 - Denial of Service via LPP Dissector Index Validation
CVE-2014-125119
HIGH
WinRAR 3.80-3.90 and 4.11-4.99 - Filename Spoofing via ZIP Central Directory and Local File Header Inconsistency
CVE-2014-125117
CRITICAL
D-Link DSP-W215 1.02 - Unauthenticated Stack-based Buffer Overflow via /common/info.cgi HTTP POST Request
CVSS 9.8
CVE-2014-125114
HIGH
i-Ftp 2.20 - Stack-based Buffer Overflow via Schedule.xml Time Attribute
CVE-2014-0144
HIGH
QEMU < 2.0.0 - Remote Code Execution via Block Driver Input Validation Flaws
CVSS 8.6
CVE-2014-4657
CRITICAL
Ansible < 1.5.4 - Remote Code Execution via Safe Eval Function
CVSS 9.8
CVE-2014-4651
CRITICAL
Apache jclouds 1.7.3-1.7.9 - Predictable Temporary File Location
CVSS 9.8
CVE-2014-9390
CRITICAL
Malicious Git and Mercurial HTTP Server For CVE-2014-9390
CVSS 9.8
CVE-2014-5091
CRITICAL
status2k 2.5 - Remote Code Execution via Multies Parameter
CVSS 9.8
CVE-2014-5087
CRITICAL
Sphider < 1.3.6 - Remote Code Execution via admin/spiderfuncs.php
CVSS 9.8
CVE-2014-5468
HIGH
Railo < 4.2.1.000 - Remote File Inclusion via Thumbnail CFM Request
CVSS 8.8
CVE-2014-7224
HIGH
Android < 4.4 - Remote Code Execution via addJavascriptInterface
CVSS 8.8
CVE-2014-8126
HIGH
HTCondor < 8.2.6 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2014-2914
CRITICAL
fish 2.0.0-2.1.1 - Remote Code Execution via Configuration Service
CVSS 9.8
CVE-2014-2271
HIGH
Kingsoft Office 5.3.1 - Remote Code Execution via HTTPS Downgrade Attack
CVSS 8.1
CVE-2014-5092
HIGH
status2k - Remote Command Execution via admin/options/editpl.php
CVSS 8.8
CVE-2014-0048
CRITICAL
Docker < 1.6.0 - Remote Code Execution via Insecure HTTP Downloads
CVSS 9.8
CVE-2014-5289
CRITICAL
Senkas Kolibri 2.0 - Remote Code Execution via Long URI in POST Request
CVSS 9.8
CVE-2014-8179
HIGH
Docker Engine < 1.8.3 and CS Docker Engine < 1.6.2-cs7 - Manifest Validation Bypass via JSON Injection
CVSS 7.5
CVE-2014-8178
MEDIUM
Docker Engine < 1.8.3 and CS Docker Engine < 1.6.2-cs7 - Image Cache Poisoning via Layer Identifier Collision
CVSS 5.5
Details
Vulnerabilities
12,635
Exploit Likelihood
High