CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,599 vulnerabilities with CWE-20
CVE-2017-18317 HIGH
Qualcomm MSM8996AU, SD 410/12, SD 820, SD 820A Firmware - SIM Lock Bypass via Deactivation Flow Manipulation
CVSS 7.8
CVE-2017-18349 CRITICAL
Fastjson Insecure Deserialization - Remote Code Execution
CVSS 9.8
CVE-2017-18292 MEDIUM
Qualcomm Snapdragon Firmware - Denial of Service via Widevine API
CVSS 5.5
CVE-2017-15705 MEDIUM
Apache SpamAssassin < 3.4.2 - Denial of Service via Unclosed HTML Tags
CVSS 5.3
CVE-2017-1082 HIGH
FreeBSD 10.0-10.4 - Denial of Service via qsort Recursion Pattern
CVSS 7.5
CVE-2017-1000600 HIGH
WordPress < 4.9 - Authenticated Remote Code Execution via Thumbnail Processing
CVSS 8.8
CVE-2017-15426 MEDIUM
Google Chrome < 63.0.3239.84 - Domain Spoofing via IDN Homographs
CVSS 6.5
CVE-2017-15425 MEDIUM
Google Chrome < 63.0.3239.84 - Domain Spoofing via IDN Homographs in Omnibox
CVSS 6.5
CVE-2017-15424 MEDIUM
Google Chrome < 63.0.3239.84 - Domain Spoofing via IDN Homographs in Omnibox
CVSS 6.5
CVE-2017-15420 MEDIUM
Google Chrome < 63.0.3239.84 - URL Spoofing via Error Page Navigation
CVSS 6.5
CVE-2017-17312 HIGH
Huawei Firewall < V300R001C10SPC600 - DoS
CVSS 7.5
CVE-2017-17311 HIGH
Huawei Firewall < V300R001C10SPC600 - DoS
CVSS 7.5
CVE-2017-16790 MEDIUM
Symfony <4.0-BETA5 - Info Disclosure
CVSS 6.5
CVE-2017-13652 MEDIUM
NetApp OnCommand Insight < 7.2.0 - Clickjacking via Unintended UI Action
CVSS 6.5
CVE-2017-2674 MEDIUM
JBoss BPM Suite 6.0.0-6.4.2 - Authenticated Stored Cross-Site Scripting via Business Central List Creation
CVSS 6.1
CVE-2017-2658 LOW
Red Hat JBoss BPM Suite < 6.4.2 & JBoss Data Virtualization < 6.4.3 - Clickjacking
CVSS 2.6
CVE-2017-2653 MEDIUM
CloudForms < 5.7.2.1 - Improper Input Validation via Unused Delete Routes
CVSS 4.1
CVE-2017-2614 MEDIUM
Red Hat Enterprise Virtualization - Unauthenticated Password Update on Expired Accounts
CVSS 6.8
CVE-2017-12173 MEDIUM
Red Hat Enterprise Linux - Information Disclosure via SSSD Local Cache Injection
CVSS 4.3
CVE-2017-12148 HIGH
Ansible Tower <3.1.5-3.2.0 - Command Injection
CVSS 8.4
CVE-2017-12171 MEDIUM
Red Hat Enterprise Linux 6.9 - Info Disclosure
CVSS 6.5
CVE-2017-7509 LOW
Red Hat Certificate System <8.1.20-1 - DoS
CVSS 3.5
CVE-2017-7539 MEDIUM
Qemu < 2.10.1 - Denial of Service via NBD Server Connection Negotiation
CVSS 5.3
CVE-2017-3180 MEDIUM
TIBCO Spotfire Products - Cross-Site Scripting
CVSS 5.4
CVE-2017-7481 CRITICAL
Ansible <2.3.1.0-2.4.0.0 - Code Injection
CVSS 9.8
Details
Vulnerabilities 12,599
Exploit Likelihood High