The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,636 vulnerabilities with CWE-20
CVE-2014-2735
WinSCP < 5.5.3 - Man-in-the-Middle Attack via Improper Certificate Hostname Validation
CVE-2014-2269
vtiger_crm - Unauthenticated Password Reset via ForgotPassword.php
CVE-2014-2922
pimcore 1.4.9-2.1.0 - PHP Object Injection and Arbitrary File Deletion via Newsletter Token Deserialization
CVE-2014-2155
Cisco CNS Network Registrar 7.1 - DoS
CVE-2014-2733
Siemens SINEMA Server < 12.0 - Denial of Service via Crafted HTTP Requests
CVE-2014-2597
PCNetSoftware RAC Server <4.0.5 - DoS
CVE-2014-2522
curl and libcurl <7.35.0 - SSL/TLS Man-in-the-Middle
CVE-2014-2289
Asterisk 12.x < 12.1.0 - Authenticated Denial of Service via PJSIP SUBSCRIBE Request
CVE-2014-2288
Asterisk 12.x < 12.1.1 - Denial of Service via PJSIP OPTIONS Request Handling
CVE-2014-2287
Asterisk DoS via Malformed SIP Header
CVE-2014-2286
Asterisk Open Source <12.1.1 - DoS/RCE
CVE-2014-2880
Oracle Identity Manager 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2 - Open Redirect via backUrl Parameter
CVE-2014-2310
Net-SNMP < 5.4.4 - Denial of Service via AgentX Multi-Object Request
CVE-2014-0924
IBM MessageSight 1.x - Authenticated Password Bypass via Partial Password Matching
CVE-2014-0923
IBM MessageSight 1.x - Denial of Service via MQTT Authentication Data
CVE-2014-0922
IBM MessageSight JMS Client 1.x - Denial of Service via WebSockets MQTT Data
CVE-2014-0921
IBM MessageSight JMS Client - Denial of Service via Malformed WebSockets Headers
CVE-2014-2739
Linux Kernel 3.14.x-3.14.1 - Denial of Service via RDMA over Converged Ethernet Address Resolution
CVE-2014-0155
Linux Kernel < 3.14.1 - Denial of Service via I/O APIC Redirection Table
CVE-2014-2852
OpenAFS < 1.6.7 - Denial of Service via Invalid RXS_CheckResponse Packet
CVE-2014-2714
Juniper Junos DoS via Crafted URL
CVE-2014-0128
Squid 3.1-3.3.11 and 3.4-3.4.3 - Denial of Service via Crafted Range Request
CVE-2014-1209
VMware vSphere Client 4.0-5.1 - Remote Code Execution via Unvalidated Update
CVE-2014-1985
Redmine <2.4.5, <2.5.1 - Open Redirect
CVE-2014-2744
Lightwitch Metronome < 3.4 and Prosody < 0.9.4 - Unauthenticated Denial of Service via Compressed XMPP Stream
Details
Vulnerabilities
12,636
Exploit Likelihood
High