CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,620 vulnerabilities with CWE-20
CVE-2017-7764 MEDIUM
Firefox < 54 and Firefox ESR < 52.2 - Domain Spoofing via Canadian Syllabics Unicode Mixing
CVSS 5.3
CVE-2017-7763 MEDIUM
Firefox < 54 and Firefox ESR < 52.2 - Domain Spoofing via Tibetan Character Whitespace Rendering
CVSS 5.3
CVE-2017-7762 HIGH
Redhat Enterprise Linux Desktop < 54.0 - Improper Input Validation
CVSS 7.5
CVE-2017-5463 MEDIUM
Firefox < 53.0 - Address Bar Spoofing via Android Intent
CVSS 5.3
CVE-2017-5453 MEDIUM
Firefox < 53.0 - HTML Injection via RSS Reader Preview Page
CVSS 4.3
CVE-2017-5452 MEDIUM
Firefox < 53.0 - Address Bar Spoofing via Scrolled Location Bar
CVSS 4.3
CVE-2017-5451 MEDIUM
Redhat Enterprise Linux < 53.0 - Improper Input Validation
CVSS 4.3
CVE-2017-5450 HIGH
Firefox < 53.0 - Address Bar Spoofing via JavaScript URI
CVSS 7.5
CVE-2017-5449 HIGH
Redhat Enterprise Linux < 52.1.0 - Improper Input Validation
CVSS 7.5
CVE-2017-5422 HIGH
Firefox < 52.0 - Denial of Service via view-source Protocol Hyperlink
CVSS 7.5
CVE-2017-5421 HIGH
Firefox < 52.0 - Spoofing via Print Preview Window
CVSS 7.5
CVE-2017-5420 MEDIUM
Firefox < 52.0 - Address Bar Spoofing via JavaScript URL Obfuscation
CVSS 6.5
CVE-2017-5417 MEDIUM
Firefox < 52.0 - Address Bar Spoofing via Drag-and-Drop Content Manipulation
CVSS 5.3
CVE-2017-5415 MEDIUM
Firefox < 52.0 - Address Bar Spoofing via Blob URL
CVSS 5.3
CVE-2017-5395 MEDIUM
Firefox < 51.0 - Location Bar Spoofing via Timed Page Navigation
CVSS 4.3
CVE-2017-5383 MEDIUM
Firefox <51 - Info Disclosure
CVSS 5.3
CVE-2017-16226 CRITICAL
static-eval < 2.0.0 - Remote Code Execution via Global Function Constructor Access
CVSS 9.8
CVE-2017-16113 HIGH
parsejson < 0.0.3 - Regular Expression Denial of Service via Untrusted Input
CVSS 7.5
CVE-2017-7653 MEDIUM
Eclipse Mosquitto < 1.4.15 - Denial of Service via Invalid UTF-8 Topic String
CVSS 5.3
CVE-2017-16026 MEDIUM
Request 2.2.6-2.47.0, 2.51.0-2.67.0 - Memory Corruption
CVSS 5.9
CVE-2017-16023 HIGH
decamelize 1.1.0-1.1.1 - Denial of Service via Unescaped Separator Values
CVSS 7.5
CVE-2017-16013 HIGH
hapi 15.0.0-16.1.0 - Denial of Service via Malformed Accept-Encoding Header
CVSS 7.5
CVE-2017-16005 HIGH
joyent/http-signature <=0.9.11 - Header Forgery via Unsigned Header Names
CVSS 7.5
CVE-2017-17171 MEDIUM
Huawei Mate 8, P9, and P9 Plus Firmware - Denial of Service via Malicious APK Parameters
CVSS 4.2
CVE-2017-17315 MEDIUM
Huawei DP300, RP200, TE30, TE40, TE50, TE60 Firmware - Denial of Service via SCCP Message Handling
CVSS 5.3
Details
Vulnerabilities 12,620
Exploit Likelihood High