The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,638 vulnerabilities with CWE-20
CVE-2012-5781
Amazon Elastic Load Balancing API Tools - Man-in-the-Middle Attack via Unverified X.509 Certificate
CVE-2012-5780
Amazon Merchant SDK - Man-in-the-Middle Attack via Improper Certificate Validation
CVE-2012-5170
Pebble < 2.6.4 - Open Redirect
CVE-2012-3026
Intelligent Platforms Proficy Real-time Information Portal - Improper Input Validation
CVE-2012-3021
Intelligent Platforms Proficy Real-time Information Portal - Improper Input Validation
CVE-2012-3010
Intelligent Platforms Proficy Real-time Information Portal - Improper Input Validation
CVE-2012-4544
Xen < 4.2.0 - Denial of Service via PV Domain Builder Kernel or Ramdisk Size Validation
CVE-2012-4489
Mark Burdett Securelogin - Improper Input Validation
CVE-2012-4482
Ubercart SecureTrading Payment Method Module 6.x - Improper Payment Verification
CVE-2012-2625
Xen <25589:60f09d1ab1fe, 4.2.x, 4.1.x - DoS
CVE-2012-4176
Adobe Shockwave Player < 11.6.8.638 - Remote Code Execution
CVE-2012-4435
fwknop < 2.0.3 - Authenticated Denial of Service via Long IP Address
CVE-2012-2972
CA ARCserve Backup r12.5-r16 - Denial of Service via Crafted RPC Request
CVE-2012-5356
Ubuntu Software Properties - Arbitrary Package Repository GPG Key Installation via MITM Attack
CVE-2012-4463
Midnight Commander 4.8.5 - Remote Code Execution via Crafted Filename
CVE-2012-3986
Mozilla Firefox < 16.0 - Remote Code Execution via DOMWindowUtils Method Calls
CVE-2012-3436
OpenTTD 0.6.0-1.2.1 - Denial of Service via Water Tile Clear Request
CVE-2012-5321
TikiWiki CMS/Groupware 8.3 - Frame Injection via URL Parameter
CVE-2012-4824
IBM Lotus Notes Traveler <8.5.3.3 - Open Redirect
CVE-2012-3314
IBM Tivoli Federated Identity Manager 6.1.1-6.2.2 SAML/XML Signature Bypass
CVE-2012-5234
ocPortal < 7.1.6 - Open Redirect via Redirect Parameter
CVE-2012-2242
devscripts < 2.10.73 - Remote Code Execution via Crafted .dsc or .changes File
CVE-2012-2241
devscripts < 2.12.3 - Arbitrary File Deletion via Crafted .dsc or .changes File
CVE-2012-2240
devscripts < 2.12.3 - Remote Code Execution via External Command Arguments
CVE-2012-5049
Optimalog Optima PLC < 1.5.2 - Denial of Service via Malformed Packet
Details
Vulnerabilities
12,638
Exploit Likelihood
High