The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,638 vulnerabilities with CWE-20
CVE-2013-3996
IBM InfoSphere BigInsights 1.1-2.1 - Authenticated Phishing Attack via FRAME Element Handling
CVE-2013-1633
setuptools < 0.7 - Remote Code Execution via Untrusted HTTP Package Retrieval
CVE-2013-1630
pyshop < 0.7.1 - Remote Code Execution via Unverified HTTP Package Download
CVE-2013-1629
pip < 1.3 - Remote Code Execution via Man-in-the-Middle Package Tampering
CVE-2013-3724
Monkey 1.1.1 - Denial of Service via Null Byte in HTTP Request
CVE-2013-3443
Cisco Wide Area Application Services 4.x-5.2.x - Remote Code Execution via Crafted POST Request
CVE-2013-4912
Siemens WinCC (TIA Portal) <12 SP1 - Open Redirect
CVE-2013-2994
IBM WebSphere Commerce 7.0 FP4-5 - Info Disclosure
CVE-2013-4673
Symantec Web Gateway < 5.1.1 - Remote Code Execution via RADIUS Authentication Bypass
CVE-2013-2088
Subversion < 1.6.23 - Authenticated Remote Code Execution via Shell Metacharacters in Filename
CVE-2013-4932
Wireshark 1.8.x < 1.8.9 and 1.10.x < 1.10.1 - Denial of Service in GSM A Common Dissector
CVE-2013-4930
Wireshark 1.8.x < 1.8.9 and 1.10.x < 1.10.1 - Denial of Service via DVB-CI Dissector Length Validation
CVE-2013-4926
Wireshark 1.10.x - Denial of Service in DCOM ISystemActivator Dissector
CVE-2013-4924
Wireshark 1.10.x - Denial of Service in DCOM ISystemActivator Dissector
CVE-2013-4129
Linux Kernel <= 3.10.3 - Denial of Service via Bridge Multicast Timer Mismanagement
CVE-2013-3580
TrustGo Antivirus & Mobile Security - Denial of Service via Crafted Intent to USSDScannerActivity
CVE-2013-2248
Apache Struts 2.0.0-2.3.15 - Open Redirect via redirect: or redirectAction: Prefix
CVE-2013-3275
EMC Avamar Server & Avamar Virtual Edition <7.0 - Info Disclosure
CVE-2013-1943
HIGH
Linux Kernel < 3.0 - Privilege Escalation and Information Disclosure via KVM Memory Slot Allocation
CVSS 7.8
CVE-2013-3400
Cisco NX-OS - Authenticated Remote Code Execution via License Installation Arguments
CVE-2013-2871
Google Chrome <28.0.1500.71 - Use After Free
CVE-2013-1362
Opensuse < 2.13 - Improper Input Validation
CVE-2013-2204
TinyMCE Media Plugin < 3.5.2 - Content Spoofing via Flash Parameter Injection
CVE-2013-3299
RealNetworks RealPlayer <16.0.2.32 - DoS
CVE-2013-2232
Linux Kernel < 3.10 - Denial of Service via IPv6 Socket to IPv4 Interface
Details
Vulnerabilities
12,638
Exploit Likelihood
High