CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,599 vulnerabilities with CWE-20
CVE-2017-18103 MEDIUM
atlassian-http < 2.0.2 - Content Spoofing via application/mathml+xml Upload
CVSS 4.7
CVE-2017-15137 MEDIUM
OpenShift - Improper Input Validation in Image Import Whitelist
CVSS 4.3
CVE-2017-18155 HIGH
Qualcomm Msm8996au Firmware - Improper Input Validation
CVSS 7.8
CVE-2017-3197 CRITICAL
GIGABYTE BRIX UEFI - Info Disclosure
CVSS 9.8
CVE-2017-16816 MEDIUM
HTCondor < 8.6.8 and 8.7.x < 8.7.5 - Authenticated Denial of Service in condor_schedd via GSI and VOMS Extensions
CVSS 6.5
CVE-2017-17175 MEDIUM
Huawei Mate 9 Pro <LON-AL00B 8.0.0.354(C00) - DoS
CVSS 6.5
CVE-2017-9312 HIGH
Allen-Bradley L30ERMS Firmware < 30 - Denial of Service via Crafted TCP Packet
CVSS 7.5
CVE-2017-7466 HIGH
Ansible < 2.3 - Remote Code Execution via Client Fact Data
CVSS 8.0
CVE-2017-2669 LOW
Dovecot < 2.2.29 - Denial of Service via Crafted %variable Expansion in dict Authentication
CVSS 3.7
CVE-2017-12070 HIGH
OPC Foundation DLLs - Code Injection
CVSS 8.8
CVE-2017-17173 HIGH
Huawei Mate 9 Pro <LON-AL00B 8.0.0.356(C00) - Use After Free
CVSS 7.8
CVE-2017-17443 MEDIUM
OPC Foundation Local Discovery Server - Denial of Service via Configuration File Tampering
CVSS 6.5
CVE-2017-7838 MEDIUM
Firefox < 57 - Limited Spoofing via Punycode Subdomain Display
CVSS 5.3
CVE-2017-7837 MEDIUM
Firefox < 57 - Cookie Injection via SVG Meta Tags in IMG Elements
CVSS 5.3
CVE-2017-7833 MEDIUM
Firefox < 57 - Domain Spoofing via Arabic and Indic Vowel Marker Characters
CVSS 5.3
CVE-2017-7832 MEDIUM
Firefox < 57 - Domain Spoofing via Unicode Dotless 'i' Character
CVSS 5.3
CVE-2017-7829 MEDIUM
Thunderbird < 52.5.2 - Email Sender Address Spoofing via Null Character Injection
CVSS 5.3
CVE-2017-7825 MEDIUM
Debian Linux < 52.4.0 - Improper Input Validation
CVSS 5.3
CVE-2017-7817 MEDIUM
Firefox < 56 - Spoofing via Fullscreen Mode Address Bar
CVSS 5.3
CVE-2017-7816 MEDIUM
Firefox < 56 - Privileged URL Access via WebExtension Popup
CVSS 5.3
CVE-2017-7815 MEDIUM
Firefox < 56 - Modal Dialog Origin Spoofing via Data URL in Iframe
CVSS 5.3
CVE-2017-7814 HIGH
Redhat Enterprise Linux Desktop < 52.4.0 - Improper Input Validation
CVSS 7.8
CVE-2017-7807 HIGH
Debian Linux < 55.0 - Improper Input Validation
CVSS 8.1
CVE-2017-7804 HIGH
Firefox < 55 and Thunderbird < 52.3 - Memory Protection Bypass via WindowsDllDetourPatcher Destructor
CVSS 7.5
CVE-2017-7796 MEDIUM
Firefox < 55.0 - Arbitrary File Deletion via Windows Updater Logger Path Manipulation
CVSS 4.7
Details
Vulnerabilities 12,599
Exploit Likelihood High