The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,638 vulnerabilities with CWE-20
CVE-2011-5243
TwitterOAuth - Man-in-the-Middle Attack via SSL Certificate Hostname Mismatch
CVE-2011-5242
tmhOAuth < 0.61 - Man-in-the-Middle Attack via Unverified X.509 Certificate Hostname
CVE-2011-5241
Services_Twitter 0.6.3 - Man-in-the-Middle Attack via Improper Certificate Validation
CVE-2011-5240
Magento 1.5 and 1.6.2 - Man-in-the-Middle Attack via Unverified SSL Certificate
CVE-2011-5239
CiviCRM 4.0.5 and 4.1.1 - Man-in-the-Middle Attack via SSL Certificate Hostname Mismatch
CVE-2011-5238
google-checkout-php < 1.3.2 - Man-in-the-Middle Attack via SSL Certificate Spoofing
CVE-2011-5237
PayPal WPS ToolKit - Man-in-the-Middle Attack via Improper Certificate Validation
CVE-2011-5236
Moneris eSelectPlus 2.03 - Man-in-the-Middle Attack via Improper Certificate Validation
CVE-2011-4911
Joomla! < 1.5.12 - Path Disclosure via Missing JEXEC Check
CVE-2011-4962
SilverStripe CMS 2.4.0-2.4.5 - Remote Code Execution via Deserialization in User Comment Cookie
CVE-2011-5136
EPractize Labs Subscription Manager - Arbitrary File Write via showImg.php db Parameter
CVE-2011-1398
PHP < 5.3.11 and 5.4.x < 5.4.0RC2 - HTTP Response Splitting via Carriage Return Bypass
CVE-2011-3952
FFmpeg < 0.10 - Denial of Service and Possible Remote Code Execution via Large Palette Size in KMVC Encoded File
CVE-2011-3936
FFmpeg <0.7.12 & Libav <0.5.9-0.8.11 - DoS
CVE-2011-2503
SystemTap < 1.6 - Local Privilege Escalation via Race Condition in Module Loading
CVE-2011-2502
SystemTap < 1.6 - Privilege Escalation via Crafted Module in User-Space Probing Path
CVE-2011-4582
Moodle 2.1-2.1.2 - Authenticated Open Redirect via Calendar Set Page
CVE-2011-4294
Moodle < 1.9.13, 2.0.x < 2.0.4, 2.1.x < 2.1.1 - Open Redirect via Error Message Continuation Link
CVE-2011-4302
Moodle 1.9.x < 1.9.14, 2.0.x < 2.0.5, 2.1.x < 2.1.2 - Certificate Validation Bypass via openssl_verify Return Value
CVE-2011-2716
T-mobile Tm-ac1900 < 1.19.4 - Improper Input Validation
CVE-2011-4957
WordPress < 3.1.1 - Denial of Service via make_clickable URL Parsing
CVE-2011-4914
Linux Kernel < 2.6.39 - Denial of Service via ROSE Protocol Data-Length Mismatch
CVE-2011-4913
Linux Kernel < 2.6.39 - Denial of Service and Stack-Based Buffer Overflow via ROSE Socket
CVE-2011-1080
Linux Kernel < 2.6.39 - Information Disclosure via ebtables Table Replacement
CVE-2011-1079
Linux Kernel < 2.6.39 - Information Disclosure and Denial of Service via BNEPCONNADD Command
Details
Vulnerabilities
12,638
Exploit Likelihood
High