The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,638 vulnerabilities with CWE-20
CVE-2012-3460
CRITICAL
Red Hat Enterprise MRG - Improper Input Validation
CVSS 9.8
CVE-2012-3543
HIGH
mono 2.10.x - Denial of Service via ASP.NET Web Form Hash Collision
CVSS 7.5
CVE-2012-2350
HIGH
pam_shield <0.9.4 - Info Disclosure
CVSS 7.5
CVE-2012-6135
HIGH
RubyGems passenger 4.0.0 beta1-beta2 - Arbitrary File Deletion
CVSS 7.5
CVE-2012-6070
HIGH
falconpl < 0.9.6.9 - Remote Security Check Bypass via libcurl API Misuse
CVSS 7.5
CVE-2012-4438
HIGH
Jenkins < 1.482 and LTS < 1.466.2 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2012-1168
HIGH
Moodle < 2.2.2 - Unauthenticated Password Reset via Profile Update
CVSS 8.2
CVE-2012-0051
HIGH
Tahoe-LAFS 1.9.0 - Remote File Corruption via Mutable File Integrity Check Bypass
CVSS 7.4
CVE-2012-6125
CRITICAL
Chicken < 4.8.0 - Denial of Service via Hash Table Collision
CVSS 9.8
CVE-2012-6123
MEDIUM
Chicken < 4.8.0 - Improper Input Validation via NUL Byte Handling
CVSS 6.5
CVE-2012-0694
CRITICAL
SugarCRM CE <= 6.3.1 - Code Injection
CVSS 9.8
CVE-2012-5360
HIGH
FFmpeg < 0.11 - Remote Code Execution via Crafted QT File
CVSS 8.8
CVE-2012-5359
HIGH
FFmpeg < 0.11 - Remote Code Execution via Crafted ASF File
CVSS 8.8
CVE-2012-6696
CRITICAL
inspircd < 2.0.5 - Denial of Service via Unsigned Integer Handling
CVSS 9.8
CVE-2012-1301
CRITICAL
Umbraco CMS 4.7.0 - Server-Side Request Forgery via FeedProxy.aspx URL Parameter
CVSS 9.8
CVE-2012-6687
FastCGI 2.4.0 - Denial of Service via Excessive Connections
CVE-2012-6656
Debian Linux < 2.16 - Improper Input Validation
CVE-2012-5621
ekiga < 3.9.90 - Denial of Service via Invalid UTF-8 Party Name in OPAL Connection
CVE-2012-5619
The Sleuth Kit 4.0.1 - Forensic Activity Hiding via Dotfile Handling
CVE-2012-6153
Apache Commons HttpClient < 4.2.3 - Improper Certificate Hostname Validation in AbstractVerifier
CVE-2012-2682
Red Hat Enterprise MRG 2.5 - Denial of Service via Non-ASCII Character in Link Name
CVE-2012-5336
owncloud < 4.0.8 - Authenticated Arbitrary File Read via WebDAV
CVE-2012-5572
Dancer < 1.3113 - CRLF Injection via Cookie Name
CVE-2012-6647
Linux Kernel < 3.5.1 - Denial of Service via FUTEX_WAIT_REQUEUE_PI Command
CVE-2012-5723
Cisco IOS XE < 3.8S - Denial of Service via Crafted ICMP Packets
Details
Vulnerabilities
12,638
Exploit Likelihood
High