The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,638 vulnerabilities with CWE-20
CVE-2012-2495
Cisco AnyConnect < 3.0 MR8 / Secure Desktop < 3.6.6020 Version Downgrade
CVE-2012-2494
Cisco AnyConnect Secure Mobility Client <3.0 MR8 - Code Injection
CVE-2012-2493
Cisco AnyConnect Secure Mobility Client <3.0 MR8 - RCE
CVE-2012-2159
IBM Security AppScan Source 7.x-8.x and SPSS Data Collection Developer Library 6.0-6.0.1 - Open Redirect via IEHS
CVE-2012-3587
APT 0.7.x < 0.7.25 and 0.8.x < 0.8.16 - Unauthenticated Trojan Package Installation via MITM Keyring Update
CVE-2012-0954
APT 0.7.x < 0.7.25 and 0.8.x < 0.8.16 - Man-in-the-Middle Package Alteration via GPG Subkey Bypass
CVE-2012-2670
Collabtive < 0.7.6 - Authenticated Arbitrary File Upload and Remote Code Execution via Avatar File
CVE-2012-0212
devscripts 2.10.x-2.10.68 and 2.11.x-2.11.3 - Remote Code Execution via debdiff.pl File Name Argument
CVE-2012-0211
devscripts 2.10.x-2.10.69 and 2.11.x-2.11.4 - Remote Code Execution via Crafted Tarball Filename
CVE-2012-0210
devscripts 2.10.x-2.10.69 and 2.11.x-2.11.4 - Remote Code Execution via File Name in .dsc or .changes File
CVE-2012-3288
VMware Workstation 7.x-8.x, Player 3.x-4.x, Fusion 4.x, ESXi 3.5-5.0, ESX 3.5-4.1 - Remote Code Execution
CVE-2012-3556
Opera < 11.65 - Cross-Site Scripting via Pop-Up Window on Double-Click
CVE-2012-1866
Windows Kernel win32k.sys - Local Privilege Escalation via Clipboard Format Atom Name Handling
CVE-2012-1865
Windows XP/2003/Vista/7/2008 Privilege Escalation via String Atom Class
CVE-2012-1864
Windows Kernel win32k.sys - Privilege Escalation via String Atom Class Name Handling
CVE-2012-3003
Siemens WinCC <7.0 SP3 - Open Redirect
CVE-2012-1817
Emerson DeltaV/Workstations 9.3.1-11.3.1 & ProEssentials 5.0.0.6 Buffer Overflow
CVE-2012-0247
HIGH
ImageMagick < 6.7.5-7 - Remote Code Execution via EXIF ResolutionUnit Tag
CVSS 8.8
CVE-2012-0862
Xinetd <2.3.15 - Privilege Escalation
CVE-2012-0061
rpm < 4.9.1.3 - Denial of Service via Malicious Package Header
CVE-2012-0060
rpm < 4.9.1.3 - Denial of Service via Invalid Region Tag in Package Header
CVE-2012-2488
Cisco IOS XR < 4.2.1 - Denial of Service via Crafted Packet
CVE-2012-2940
MediaChance Real-DRAW PRO 5.2.4 - DoS
CVE-2012-1172
PHP < 5.4.0 - Denial of Service and Directory Traversal via Invalid Square Bracket in File Upload Name
CVE-2012-2374
Tornado <2.2.1 - HTTP Response Splitting
Details
Vulnerabilities
12,638
Exploit Likelihood
High