The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,636 vulnerabilities with CWE-20
CVE-2014-7839
RESTEasy 2.3.7 and 3.0.9 - XML External Entity Injection in DocumentProvider
CVE-2014-9030
Xen 3.2.x-4.4.x - Denial of Service via MMU_MACHPHYS_UPDATE
CVE-2014-8416
Asterisk 12.x < 12.7.1 and 13.x < 13.0.1 - Use-After-Free in PJSIP Channel Driver
CVE-2014-8415
Asterisk 12.x < 12.7.1 and 13.x < 13.0.1 - Denial of Service via SIP Session Cancel Request
CVE-2014-7821
OpenStack Neutron 2012.2.1-2014.1.4 - Authenticated Denial of Service via DNS Configuration
CVE-2014-7817
Canonical Ubuntu Linux - Improper Input Validation
CVE-2014-9060
Moodle <2.4.11, 2.5.x-2.5.9, 2.6.x-2.6.6, 2.7.x-2.7.3 - CSRF
CVE-2014-8594
Opensuse - Improper Input Validation
CVE-2014-7899
Google Chrome < 38.0.2125.7 - Address Bar Spoofing via Blob URL
CVE-2014-7146
MantisBT - Remote Code Execution via XmlImportExport Plugin Preg Replace
CVE-2014-4461
Apple iOS <8.1.1 & Apple TV <7.0.2 - RCE
CVE-2014-6105
IBM Security Identity Manager - Improper Input Validation
CVE-2014-7815
QEMU < 2.1.3 - Denial of Service via Small bytes_per_pixel Value
CVE-2014-7246
OpenAM 9.5.3-9.5.5, 10.0.0-10.0.2, 10.1.0-Xpress, 11.0.0-11.0.2 - Authenticated Denial of Service via Crafted Cookie
CVE-2014-6322
Microsoft Windows - Privilege Escalation
CVE-2014-4149
Microsoft .NET Framework Remote Code Execution via .NET Remoting Endpoint
CVE-2014-3673
HIGH
Linux Kernel < 3.17.2 - Denial of Service via Malformed SCTP ASCONF Chunk
CVSS 7.5
CVE-2014-3645
Linux Kernel < 3.12 - Denial of Service via Missing INVEPT Exit Handler
CVE-2014-6159
IBM DB2 9.7-10.5 - Authenticated Denial of Service via ALTER TABLE Statement
CVE-2014-6097
IBM DB2 9.7-9.8 FP5 - Authenticated Denial of Service via ALTER TABLE Statement
CVE-2014-8510
Trend Micro InterScan Web Security Virtual Appliance Arbitrary File Read via AdminUI
CVE-2014-7990
Cisco IOS XE < 3.5E - Privilege Escalation via Improper Shell Request Parsing
CVE-2014-7989
Cisco Unified Computing System B-Series - Privilege Escalation via ping6 or traceroute6 Command
CVE-2014-2179
Cisco RV120W < 1.0.5.8, RV180 < 1.0.3.10, RV180W < 1.0.3.10, RV220W < 1.0.5.8 - Arbitrary File Write via HTTP Request
CVE-2014-0995
SAP NetWeaver <= 7.01 - Denial of Service via Trace Pattern Wildcard
Details
Vulnerabilities
12,636
Exploit Likelihood
High