The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,635 vulnerabilities with CWE-20
CVE-2014-0091
MEDIUM
Foreman - Partial Denial of Service via Improper Input Validation
CVSS 5.3
CVE-2014-1937
HIGH
Gamera < 3.4.1 - Insecure Temporary File Creation
CVSS 7.5
CVE-2014-1936
HIGH
rc <1.7.1-5 - Info Disclosure
CVSS 7.5
CVE-2014-1935
MEDIUM
9base <1:6-6,1:6-7 - Info Disclosure
CVSS 5.3
CVE-2014-0084
MEDIUM
Ruby gem openshift-origin-node <2014-02-14 - DoS
CVSS 5.5
CVE-2014-5118
MEDIUM
Trusted Boot < 1.8.2 - Security Bypass via Loader Component
CVSS 5.5
CVE-2014-9013
HIGH
WP Marketplace <2.4.0 - Privilege Escalation
CVSS 8.8
CVE-2014-2304
HIGH
Open Floodlight SDN Controller 0.90 - Denial of Service via Malformed FEATURES_REPLY Messages
CVSS 7.5
CVE-2014-10384
CRITICAL
memphis-documents-library < 3.0 - Local File Inclusion
CVSS 9.8
CVE-2014-10383
CRITICAL
memphis_documents_library < 3.0 - Remote File Inclusion
CVSS 9.8
CVE-2014-3798
MEDIUM
Citrix XenServer 6.2 SP1 and earlier - Denial of Service via Crafted Ethernet Frame
CVSS 6.5
CVE-2014-1426
HIGH
Canonical Metal as a Service < 1.9.2 - Unauthenticated Arbitrary File Read via maasserver.api.get_file_by_name
CVSS 8.6
CVE-2014-9186
CRITICAL
Honeywell Experion PKS <R400 - File Inclusion
CVSS 9.8
CVE-2014-10077
HIGH
I18n < 0.8.0 - Improper Input Validation
CVSS 7.5
CVE-2014-0593
HIGH
open_build_service 0.5.3-1.1 - OS Command Injection via set_version Script
CVSS 7.8
CVE-2014-0900
HIGH
Android < 4.4.1 - Device Administrator Spoofing via mAdminMap Data Structure
CVSS 8.8
CVE-2014-9986
HIGH
Qualcomm MSM8909W and Snapdragon Firmware - Memory Overread in playready_licacq_process_response()
CVSS 7.5
CVE-2014-10051
CRITICAL
Qualcomm Mdm9206 Firmware - Improper Input Validation
CVSS 9.8
CVE-2014-5170
CRITICAL
Drupal Storage API < 7.x-1.6 - Remote Code Execution via .htaccess Misconfiguration
CVSS 9.8
CVE-2014-0486
HIGH
Knot DNS < 1.5.2 - Denial of Service via Crafted DNS Message
CVSS 7.5
CVE-2014-2032
MEDIUM
Deadwood <2.3.09, 3.x <3.2.05 - DoS
CVSS 5.9
CVE-2014-3206
CRITICAL
Seagate BlackArmor NAS - Remote Code Execution via Session or Auth Name Parameter
CVSS 9.8
CVE-2014-5282
HIGH
Docker < 1.3 - Image ID Validation Bypass via Untrusted Image Loading
CVSS 8.1
CVE-2014-8166
HIGH
CUPS < 1.6 - Remote Code Execution via ANSI Escape Sequences in Printer Name
CVSS 8.8
CVE-2014-5003
MEDIUM
ciborg 3.0.0 - Privilege Escalation
CVSS 5.5
Details
Vulnerabilities
12,635
Exploit Likelihood
High