The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,638 vulnerabilities with CWE-20
CVE-2013-5470
Cisco Secure Access Control System - Denial of Service via Malformed TACACS+ TCP Packets
CVE-2013-1661
VMware ESX 4.0-4.1 and ESXi 4.0-5.1 - Denial of Service via NFC Protocol Manipulation
CVE-2013-3470
Cisco IOS XR - Denial of Service via Crafted RIPv2 Packet
CVE-2013-3468
Cisco Unified IP Phone 8945 - Denial of Service via Malformed PNG File
CVE-2013-2178
fail2ban < 0.8.10 - Unauthenticated IP Blocking via Malformed Log Messages
CVE-2013-4111
python-glanceclient < 0.10.0 - SSL Certificate Validation Bypass via Improper preverify_ok Handling
CVE-2013-2804
Software Toolbox TOP Server <5.12.140.0 - DoS
CVE-2013-4254
Linux Kernel < 3.10.8 - Privilege Escalation via ARM Perf Event Validation
CVE-2013-1909
Redhat Enterprise Mrg < 0.20 - Improper Input Validation
CVE-2013-0526
IBM Avocent 1754 KVM - Command Injection
CVE-2013-4955
Puppet Enterprise <3.0.1 - Open Redirect
CVE-2013-4762
Puppet Enterprise <3.0.1 - Info Disclosure
CVE-2013-2155
Apache XML Security for C++ < 1.7.1 - Denial of Service and Signature Spoofing via Crafted Length Values
CVE-2013-5029
phpMyAdmin <4.0.5 - CSRF
CVE-2013-3567
Puppet 2.7.x < 2.7.22 and 3.2.x < 3.2.2 - Remote Code Execution via YAML Deserialization
CVE-2013-2145
Canonical Ubuntu Linux < 0.72 - Improper Input Validation
CVE-2013-2175
Debian Linux - Improper Access Control
CVE-2013-4248
Canonical Ubuntu Linux < 5.4.17 - Improper Input Validation
CVE-2013-4238
Canonical Ubuntu Linux - Improper Input Validation
CVE-2013-2250
Apache OFBiz 10.04.01-10.04.05, 11.04.01-11.04.02, 12.04.01 - Remote Code Execution via UEL Expression Injection
CVE-2013-2078
Xen 4.0.2-4.0.4, 4.1.x, 4.2.x - Denial of Service via XSETBV Instruction
CVE-2013-2790
Master-station DNP3 driver <driver19.exe,Beta2041.exe - DoS
CVE-2013-2798
SEL RTAC Serial Input - Denial of Service
CVE-2013-2792
SEL RTAC DNP3 TCP Packet - Denial of Service
CVE-2013-1710
Firefox toString console.time Privileged Javascript Injection
Details
Vulnerabilities
12,638
Exploit Likelihood
High