The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,638 vulnerabilities with CWE-20
CVE-2011-1492
Roundcube Webmail < 0.5.1 - Authenticated Server-Side Request Forgery via CSS Stylesheet Request
CVE-2011-1491
Roundcube Webmail <0.5.1 - Info Disclosure
CVE-2011-1475
Apache Tomcat 7.0.0-7.0.11 - Information Disclosure via HTTP Pipelining
CVE-2011-0997
ISC DHCP 3.0.x-4.2.x - Remote Code Execution via DHCP Hostname Shell Metacharacters
CVE-2011-0465
X.Org X11 xrdb < 1.0.9 - Remote Code Execution via DHCP or XDMCP Hostname
CVE-2011-0764
t1lib <= 5.1.2 - Remote Code Execution via Crafted Type 1 Font
CVE-2011-1154
logrotate < 3.7.9 - OS Command Injection via Shell Metacharacters in Log Filename
CVE-2011-1296
Google Chrome < 10.0.648.204 - Denial of Service via SVG Text Handling
CVE-2011-1295
WebKit in Chrome <10.0.648.204 & Safari <5.0.6 - DoS & XSS via Node Corruption
CVE-2011-1294
Google Chrome < 10.0.648.204 - Denial of Service via CSS Token Sequence Handling
CVE-2011-0190
Apple Mac OS X <10.6.7 - Info Disclosure
CVE-2011-0182
Apple Mac OS X <10.6.7 - Privilege Escalation
CVE-2011-1506
Kerio Connect <7.1.4 build 2985 - Command Injection
CVE-2011-1470
PHP < 5.3.6 - Denial of Service via ZipArchive Stream Handling
CVE-2011-1430
Ipswitch IMail <11.03 - Command Injection
CVE-2011-1429
mutt - Certificate Hostname Validation Bypass via SMTP over SSL
CVE-2011-1428
WeeChat < 0.3.4 - Man-in-the-Middle Attack via Improper X.509 Certificate Validation
CVE-2011-1094
kdelibs < 4.6.1 - Man-in-the-Middle Attack via X.509 Certificate Hostname Mismatch
CVE-2011-0745
SugarCRM < 6.1.3 - Authenticated Information Disclosure via ShowDuplicates Action
CVE-2011-0163
Safari < 5.0.4 - Denial of Service via Cache Poisoning
CVE-2011-0162
Apple iOS <4.3 & Apple TV <4.2 - DoS
CVE-2011-0161
Safari < 5.0.4 - Same Origin Policy Bypass via Attr.style Accessor
CVE-2011-0160
Safari < 5.0.3 - Credential Disclosure via WebKit Redirect Handling
CVE-2011-0159
iPhone OS < 4.3 - Cookie Tracking via Improper Safari Settings Input Validation
CVE-2011-0158
iPhone OS < 4.3 - Denial of Service via MobileSafari URL Handler
Details
Vulnerabilities
12,638
Exploit Likelihood
High