The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,638 vulnerabilities with CWE-20
CVE-2013-4255
Condor < 8.0.0 - Authenticated Denial of Service via Policy Definition Evaluator
CVE-2013-5533
Cisco Unified IP Phones 9900 Series Firmware - Privilege Escalation via Image-Upgrade Parameter
CVE-2013-5532
Cisco Unified IP Phones 9900 Series Firmware - Denial of Service via Long Web Interface Input
CVE-2013-5527
Cisco IOS and IOS XE - Denial of Service via Crafted OSPF LSA Type 11 Packet
CVE-2013-5526
Cisco Unified IP Phone 9951 and 9971 - Denial of Service via Crafted SDP Packets
CVE-2013-5523
Cisco Identity Services Engine <1.2 - XSS
CVE-2013-2138
Gallery < 3.0.8 - Unspecified Impact via SWF Query Parameter Replay
CVE-2013-1881
librsvg < 2.39.0 - XML External Entity Injection
CVE-2013-5576
Joomla! <2.5.14, <3.1.5 - Auth Bypass
CVE-2013-3872
Microsoft Internet Explorer 10 - Remote Code Execution via Crafted Web Site
CVE-2013-3861
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, 4.5 - Denial of Service via Crafted JSON Character Sequences
CVE-2013-3860
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, 4.5 - Denial of Service via Crafted Signed XML Document
CVE-2013-6011
Citrix NetScaler Application Delivery Controller Firmware < 10.0-76.7 - Denial of Service via Crafted Request
CVE-2013-4788
GNU C Library <2.17 - Buffer Overflow
CVE-2013-4066
IBM InfoSphere Information Server 8.0, 8.1, 8.5-8.5 FP3, 8.7, 9.1 - Clickjacking via Web Console Interface Overlay
CVE-2013-4032
IBM DB2 10.1-10.5 DoS via Fast Communications Manager
CVE-2013-1892
MongoDB < 2.0.9 and 2.2.x < 2.2.4 - Authenticated Remote Code Execution via nativeHelper Function
CVE-2013-5580
ngIRCd 18-20.2 - Denial of Service via NoticeAuth Configuration Handling
CVE-2013-5745
GNOME Vino < 3.7.3 - Denial of Service via Authentication Error Handling
CVE-2013-4623
PolarSSL 1.1.x < 1.1.7 and 1.2.x < 1.2.8 - Denial of Service via PEM Encoded Certificate
CVE-2013-1839
Squid 3.2.x < 3.2.9 and 3.3.x < 3.3.3 - Denial of Service via Accept-Language Header
CVE-2013-4314
pyOpenSSL < 0.13.1 - Certificate Subject Alternative Name Spoofing via Null Byte
CVE-2013-2230
libvirt < 1.1.1 - Authenticated Denial of Service via Multiple Events Registration
CVE-2013-5498
Cisco IOS XR - Denial of Service via PPTP-ALG Crafted Packet Streams
CVE-2013-5481
Cisco IOS 12.2, 15.0-15.3 - Denial of Service via Crafted PPTP TCP Packets
Details
Vulnerabilities
12,638
Exploit Likelihood
High