The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,638 vulnerabilities with CWE-20
CVE-2012-0267
ntr_activex_control < 1.1.8 - Remote Code Execution via StopModule lModule Parameter
CVE-2011-20001
HIGH
SIMATIC S7-1200 CPU V1 and V2 families < V2.0.3 - Unauthenticated Denial of Service via Malformed HTTP Traffic
CVSS 7.5
CVE-2011-10020
HIGH
Kaillera Server < 0.86 - Unauthenticated Denial of Service via Malformed UDP Packet
CVE-2011-10008
HIGH
MPlayer Lite r33064 - Buffer Overflow
CVE-2011-4124
CRITICAL
calibre - Argument Injection and Privilege Escalation via linux_mount_helper.c
CVSS 9.8
CVE-2011-0220
MEDIUM
Apple Bonjour < 2011 - Denial of Service via Crafted Multicast DNS Packet
CVSS 5.5
CVE-2011-3611
HIGH
UseBB < 1.0.12 - Local File Inclusion via admin.php act Parameter
CVSS 7.2
CVE-2011-3203
CRITICAL
Jcow CMS 4.0-4.2 and 5.2 - Remote Code Execution via Attachment Parameter
CVSS 9.8
CVE-2011-4310
HIGH
CMS Made Simple < 1.9.4.3 - News Module Article Corruption via Improper Input Validation
CVSS 7.5
CVE-2011-4120
CRITICAL
Yubico PAM Module <2.10 - Auth Bypass
CVSS 9.8
CVE-2011-0529
HIGH
weborf < 0.12.5 - Denial of Service via Malformed HTTP Fields
CVSS 7.5
CVE-2011-1028
CRITICAL
Smarty 3.0.0-3.0.6 - Remote Code Execution via $smarty.template Variable
CVSS 9.8
CVE-2011-2922
HIGH
ktsuss < 1.4 - Privilege Escalation via GTK_MODULES Environment Variable
CVSS 7.8
CVE-2011-4968
MEDIUM
nginx - Man-in-the-Middle Attack via HTTP Proxy Module
CVSS 4.8
CVE-2011-4967
HIGH
tog-pegasus < 2.12 - Denial of Service via Package Hash Collision
CVSS 7.5
CVE-2011-0703
CRITICAL
gksu-polkit < 0.0.3 - Arbitrary Command Execution via xauth Source File
CVSS 9.8
CVE-2011-2897
CRITICAL
gdk-pixbuf <= 2.31.1 - Buffer Overflow in GIF Loader
CVSS 9.8
CVE-2011-2808
MEDIUM
Blink < M13 - Stale Layout Root Use-After-Free in Keygen Autofocus Handling
CVSS 6.5
CVE-2011-4904
MEDIUM
TYPO3 < 4.4.9 and 4.5.x < 4.5.4 - Unauthenticated Information Disclosure via ExtDirect Endpoint
CVSS 6.5
CVE-2011-4902
MEDIUM
TYPO3 < 4.3.12, 4.4.x < 4.4.9, 4.5.x < 4.5.4 - Arbitrary File Deletion
CVSS 6.5
CVE-2011-4182
HIGH
SUSE Linux Enterprise <0.83.7-2.1 - RCE
CVSS 7.3
CVE-2011-4181
HIGH
SUSE Open Build Service <2.1.15, <2.3 - Info Disclosure
CVSS 7.5
CVE-2011-0704
MEDIUM
389 Directory Server 1.2.7.5 - Denial of Service via Empty Modify Request
CVSS 5.9
CVE-2011-3477
MEDIUM
Symantec Backup Exec System Recovery 8.5 and BESR 2010 - Denial of Service via GEAR Software CD DVD Filter Driver
CVSS 5.5
CVE-2011-2902
MEDIUM
xpdf < 3.02-19 - Arbitrary File Deletion via Insecure Temporary File Handling
CVSS 5.3
Details
Vulnerabilities
12,638
Exploit Likelihood
High