CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,599 vulnerabilities with CWE-20
CVE-2017-18382 LOW
cPanel 61.9999.55-62.0.35 - Improper Input Validation in DNS Zone SOA Records
CVSS 2.7
CVE-2017-7189 HIGH
PHP 7.0.0-7.0.15 - Improper Input Validation in fsockopen Address Parsing
CVSS 7.5
CVE-2017-12652 CRITICAL
libpng < 1.6.32 - Improper Input Validation
CVSS 9.8
CVE-2017-5028 MEDIUM
Google Chrome <56.0.2924.76 - Info Disclosure
CVSS 6.5
CVE-2017-8330 MEDIUM
Securifi Almond AL-R096 - Denial of Service via UPnP NewInMessage SOAP Parameter
CVSS 6.5
CVE-2017-6261 HIGH
NVIDIA Vibrante Linux 1.1, 2.0, 2.2 - Denial of Service or Information Disclosure via Insufficient Protection Mechanisms
CVSS 8.2
CVE-2017-11740 HIGH
Zoho ManageEngine Application Manager <13.1 Build 13100 - RCE
CVSS 8.8
CVE-2017-5211 HIGH
Open-Xchange GmbH OX App Suite <7.8.3 - Info Disclosure
CVSS 7.5
CVE-2017-8341 MEDIUM
Open-xchange Appsuite < 7.8.3 - Improper Input Validation
CVSS 5.3
CVE-2017-12795 CRITICAL
openmrs-module-htmlformentry 3.3.2 - Improper Input Validation
CVSS 9.8
CVE-2017-18367 HIGH
libseccomp-golang < 0.9.0 - Improper Input Validation in BPF Generation
CVSS 7.5
CVE-2017-13911 HIGH
macOS X < 10.11.6 - Configuration Issue
CVSS 7.8
CVE-2017-16775 HIGH
Synology SSO Server <2.1.3-0129 - CSRF
CVSS 7.1
CVE-2017-7342 CRITICAL
FortiPortal <= 4.0.0 - Unauthenticated Remote Code Execution via Weak Password Recovery Process
CVSS 9.8
CVE-2017-9376 MEDIUM
ManageEngine ServiceDesk Plus <9314 - Local File Inclusion
CVSS 6.5
CVE-2017-0938 HIGH
airMAX <8.3.2, airMAX <6.0.7, EdgeMAX <1.9.7 - DoS
CVSS 7.5
CVE-2017-18359 HIGH
PostGIS 2.0.0-2.3.2 - Denial of Service via ST_AsX3D Function
CVSS 7.5
CVE-2017-15720 HIGH
Apache Airflow < 1.8.2 - Authenticated Remote Code Execution via Special Object Creation
CVSS 8.8
CVE-2017-3142 MEDIUM
BIND 9.4.0-9.11.1-P1 TSIG Authentication Bypass via AXFR Request
CVSS 5.3
CVE-2017-6921 MEDIUM
Drupal 8.0.0-8.3.3 - Authenticated Arbitrary File Manipulation via REST File Resource
CVSS 5.9
CVE-2017-13891 MEDIUM
iPhone OS < 11.2 - Inconsistent User Interface via State Management
CVSS 6.5
CVE-2017-1002157 CRITICAL
modulemd < 1.3.1 - Remote Code Execution via Unsafe Function
CVSS 9.8
CVE-2017-15402 CRITICAL
Google Chrome < 62.0.3202.74 - Sandbox Escape via Navigation Page State Overwrite
CVSS 9.6
CVE-2017-18320 HIGH
Qualcomm Snapdragon Firmware - Data Abort via QSEE Unload Attempt on Unloaded TEE
CVSS 7.8
CVE-2017-18318 CRITICAL
Qualcomm Snapdragon Firmware - Improper Input Validation in CRL Issuer Name
CVSS 9.8
Details
Vulnerabilities 12,599
Exploit Likelihood High