The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,636 vulnerabilities with CWE-20
CVE-2014-3310
Cisco WebEx Meeting Center and WebEx Meetings Server - Arbitrary File Read via File Transfer Feature
CVE-2014-3487
file < 5.19 - Denial of Service via CDF File Stream Offset Validation
CVE-2014-3480
MEDIUM
file < 5.19 - Denial of Service via CDF File Sector-Count Validation
CVSS 6.5
CVE-2014-0207
MEDIUM
file < 5.19 - Denial of Service via Crafted CDF File
CVSS 6.5
CVE-2014-2514
EMC Documentum Content Server < 6.7 SP1 P28, 6.7 SP2 < P15, 7.0 < P15, 7.1 < P06 - Privilege Escalation via Save RPC
CVE-2014-2513
EMC Documentum Content Server < 6.7 SP1 P28, 6.7 SP2 < P15, 7.0 < P15, 7.1 < P06 - RCE via Custom Script
CVE-2014-0034
Apache CXF < 2.6.12 and 2.7.x < 2.7.9 - Remote Access Control Bypass via Invalid SAML Token Caching
CVE-2014-3308
Cisco IOS XR on ASR 9000 Trident Line Cards - Denial of Service via Crafted Packet Flood
CVE-2014-0868
IBM Algo Credit Limits 4.5.0-4.7.0 - Authenticated Data Modification via Crafted XML Document
CVE-2014-0865
IBM Algo Credit Limits 4.5.0-4.7.0 - Authenticated Data Modification via Serialized Object Injection
CVE-2014-4611
Linux Kernel < 3.15.2 - Integer Overflow in LZ4 Decompression
CVE-2014-3890
silex SX-2000WG Firmware < 1.5.3 - Denial of Service via Crafted IP Packet
CVE-2014-3889
silex SX-2000WG Firmware < 1.5.3 - Denial of Service via TCP Options Field
CVE-2014-1369
Apple Safari < 6.1.5 and 7.x < 7.0.5 - Unauthenticated File URL Access via URL Drag Operation
CVE-2014-1360
iPhone OS < 7.1.2 - Activation Lock Bypass via Unverified Activation Server Data
CVE-2014-4617
GnuPG < 1.4.17 and < 2.0.24 - Denial of Service via Malformed Compressed Packets
CVE-2014-3299
Cisco IOS - Authenticated Denial of Service via Malformed IPsec Packets
CVE-2014-0244
Samba 3.6.x-4.1.x - Denial of Service via Malformed UDP Packet
CVE-2014-2779
Microsoft Malware Protection Engine < 1.1.10600.0 - Denial of Service via Crafted File
CVE-2014-0478
Advanced Package Tool < 1.0.3 - Improper Input Validation
CVE-2014-2003
JustSystems JUST Online Update - RCE
CVE-2014-3814
Juniper ScreenOS < 6.3.0 - Denial of Service via Malformed DNS Packets
CVE-2014-3859
ISC BIND 9.10.0 - Denial of Service via Crafted EDNS Options Packet
CVE-2014-1539
Firefox < 30.0 and Thunderbird <= 24.6 - Clickjacking via Cursor Visibility Manipulation
CVE-2014-1818
Microsoft Windows and Office - Remote Code Execution via Crafted EMF+ Image Record
Details
Vulnerabilities
12,636
Exploit Likelihood
High