The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,638 vulnerabilities with CWE-20
CVE-2011-2929
Ruby on Rails 3.0.x-3.0.9 and 3.1.x-3.1.0.rc5 - Remote Arbitrary View Rendering via Glob Character Handling
CVE-2011-3185
Pidgin < 2.10.0 - Remote Code Execution via file: URL in Message
CVE-2011-2839
Google Chrome < 13.0.782.215 - Denial of Service via PDF memset Implementation
CVE-2011-2822
Google Chrome < 13.0.782.215 - Improper Input Validation in Command-Line URL Parsing
CVE-2011-2649
Kiwi < 3.74.2 - OS Command Injection via FileUtils Function
CVE-2011-2749
ISC DHCP 3.x-4.x < 4.2.2, 3.1-ESV < 3.1-ESV-R3, 4.1-ESV < 4.1-ESV-R3 - Denial of Service via Crafted BOOTP Packet
CVE-2011-2748
ISC DHCP 3.x-4.x < 4.2.2, 3.1-ESV < 3.1-ESV-R3, 4.1-ESV < 4.1-ESV-R3 - Denial of Service via Crafted DHCP Packet
CVE-2011-2357
Android 2.3.4 and 3.1 - Cross-Application Scripting via Browser URL Loading
CVE-2011-2405
HP ProLiant SL Advanced Power Manager Firmware < 1.20 - Denial of Service
CVE-2011-3127
WordPress 3.1-3.1.2 and 3.2 Beta 1 - Clickjacking via Frame Rendering
CVE-2011-1979
Microsoft Visio 2003 SP3 and 2007 SP2 - Remote Code Execution via Crafted File Parsing
CVE-2011-1972
Microsoft Visio 2003 SP3, 2007 SP2, 2010 Gold and SP1 - Remote Code Execution via Crafted File Parsing
CVE-2011-1966
Microsoft Windows Server <2008 SP2-SP1 - RCE
CVE-2011-1962
Microsoft Internet Explorer <10 - Info Disclosure
CVE-2011-2590
UUPlayer ActiveX Control 6.0.0.1 - Remote Code Execution via MPlayerPath Parameter
CVE-2011-3012
ioQuake3 Engine - Unauthenticated Arbitrary Code Execution via Trojan Horse DLL in Addon
CVE-2011-2978
Bugzilla Multiple Versions - Unauthenticated Email Address Change
CVE-2011-2705
Ruby < 1.8.7-334 and 1.9.x < 1.9.2-p290 - Predictable SecureRandom Output via PID-Based Initialization
CVE-2011-2764
ioquake3_engine < 1.36 - Remote Code Execution via Trojan Horse DLL File
CVE-2011-1412
ioquake3_engine - Remote Code Execution via fs_game Variable
CVE-2011-2804
Google Chrome < 13.0.782.107 - Denial of Service via Nested PDF Functions
CVE-2011-2802
Google Chrome < 13.0.782.107 - Denial of Service via V8 Const Lookup
CVE-2011-2787
Google Chrome < 13.0.782.107 - Denial of Service via GPU Lock Re-entrancy
CVE-2011-2786
Google Chrome < 13.0.782.107 - Unauthenticated Audio Recording via Speech Input Bubble
CVE-2011-2785
Google Chrome < 13.0.782.107 - Improper Input Validation in Extension Home Page URL
Details
Vulnerabilities
12,638
Exploit Likelihood
High