CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,620 vulnerabilities with CWE-20
CVE-2017-18147 CRITICAL
Qualcomm Android for MSM Firefox OS for MSM and QRD Android - Improper Input Validation in MMCP Downlink Message
CVSS 9.8
CVE-2017-7170 HIGH
macOS < 10.13.1 - Privileged Arbitrary Code Execution via Crafted App
CVSS 7.8
CVE-2017-7164 MEDIUM
iPhone OS < 11.2 and tvOS < 11.2 - Man-in-the-Middle Password Prompt Spoofing in App Store
CVSS 5.9
CVE-2017-7003 MEDIUM
Apple <10.3.2, <10.12.5, <10.2.1, <3.2.2 - DoS
CVSS 5.5
CVE-2017-13890 HIGH
macOS < 10.13.4 - Remote Disk-Image Mounting via CoreTypes
CVSS 7.4
CVE-2017-14892 HIGH
Android for MSM <2017-09-19 - Buffer Overflow
CVSS 7.8
CVE-2017-1747 MEDIUM
IBM WebSphere MQ 9.0-9.0.4 - Denial of Service via Crafted Message
CVSS 5.3
CVE-2017-14913 CRITICAL
Android <2018-01-05 - Info Disclosure
CVSS 9.8
CVE-2017-12319 MEDIUM KEV
Cisco IOS XE < 16.3 - Unauthenticated Denial of Service via BGP EVPN Packet
CVSS 5.9
CVE-2017-18248 MEDIUM
CUPS < 2.2.6 - Denial of Service via Invalid Username in Print Job
CVSS 5.3
CVE-2017-15715 HIGH
Apache httpd <=2.4.29 - Arbitrary File Upload
CVSS 8.1
CVE-2017-16772 HIGH
Synology Photo Station <6.8.3-3463, <6.3-2971 - RCE
CVSS 8.8
CVE-2017-0917 MEDIUM
GitLab 10.1.0-10.1.5 - Stored Cross-Site Scripting in CI Job Component
CVSS 6.1
CVE-2017-0916 CRITICAL
GitLab 8.8.0-10.1.5 - Remote Code Execution via Web Hook Input Validation Bypass
CVSS 9.8
CVE-2017-0915 CRITICAL
GitLab 8.9.0-9.5.9 - Remote Code Execution via GitlabProjectsImportService Input Validation
CVSS 9.8
CVE-2017-17215 HIGH
Huawei HG532 Firmware - Authenticated Remote Code Execution via Port 37215
CVSS 8.8
CVE-2017-18240 MEDIUM
collectd < 5.7.2 - Unauthenticated Arbitrary Process Termination via PID File Manipulation
CVSS 5.5
CVE-2017-18065 HIGH
Android - Remote Code Execution via Improper Input Validation in wma_action_frame_filter_mac_event_handler()
CVSS 7.8
CVE-2017-18060 HIGH
Android - Out-of-bounds Read in wma_unified_bcntx_status_event_handler
CVSS 7.5
CVE-2017-18059 HIGH
Android - Out-of-bounds Read in wma_scan_event_callback()
CVSS 7.5
CVE-2017-18058 HIGH
Android - Out-of-bounds Read in wma_wow_wakeup_host_event
CVSS 7.5
CVE-2017-18057 HIGH
Android - Out-of-bounds Read in wma_nlo_scan_cmp_evt_handler
CVSS 7.5
CVE-2017-18055 HIGH
Android - Buffer Overflow in wma_pdev_set_hw_mode_resp_evt_handler
CVSS 7.8
CVE-2017-18054 HIGH
Android - Buffer Overflow in wma_pdev_hw_mode_transition_evt_handler
CVSS 7.8
CVE-2017-18053 HIGH
Android - Out-of-bounds Read in wma_p2p_lo_event_handler
CVSS 7.5
Details
Vulnerabilities 12,620
Exploit Likelihood High