CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,621 vulnerabilities with CWE-20
CVE-2017-17283 MEDIUM
Huawei DP300, RP200, TE30, TE40, TE50, TE60 Firmware - Out-of-bounds Read via SIP Message
CVSS 5.3
CVE-2017-17201 MEDIUM
Huawei Berlin-L21HNC432B360 & others - DoS via Malicious App Execution
CVSS 5.5
CVE-2017-17186 MEDIUM
Huawei DP300, RP200, TE30, TE40, TE50, TE60 Firmware - Denial of Service via Malformed SOAP Packets
CVSS 5.4
CVE-2017-17159 MEDIUM
Huawei NXT-AL10C00B386 et al - DoS
CVSS 6.5
CVE-2017-17157 HIGH
Huawei IPS Module <V500R001C00 - RCE
CVSS 7.5
CVE-2017-17156 HIGH
Huawei IPS/V500R001C00- - Memory Corruption
CVSS 7.5
CVE-2017-17154 HIGH
Huawei IPS Module <V500R001C00 - RCE
CVSS 7.5
CVE-2017-17153 HIGH
Huawei IPS/VNGFW Module <multiple versions - RCE
CVSS 7.5
CVE-2017-17152 MEDIUM
Huawei IPS/VNGFW Module <multiple versions - RCE
CVSS 5.9
CVE-2017-17151 MEDIUM
Huawei Various - Unauthenticated RCE
CVSS 5.9
CVE-2017-15348 HIGH
Huawei IPS Module V500R001C00 - Unauthenticated Denial of Service via MPLS Echo Request
CVSS 7.5
CVE-2017-15346 MEDIUM
Huawei S Series Switches - Denial of Service via Malicious XML File Parsing
CVSS 4.7
CVE-2017-15333 MEDIUM
Huawei S12700 S1700 S5700 S6700 S7700 S9700 eCNS210_TD Firmware - Denial of Service via XML Parser
CVSS 4.7
CVE-2017-18088 MEDIUM
Atlassian Bitbucket 5.3.0-5.3.6 5.4.0-5.4.5 5.5.0-5.5.5 5.6.0-5.6.2 5.7.0 - Clickjacking via Plugin Servlet Resources
CVSS 4.3
CVE-2017-15699 MEDIUM
Apache Qpid Dispatch Router 0.7.0 and 0.8.0 - Denial of Service via Crafted AMQP Frame
CVSS 6.5
CVE-2017-13229 CRITICAL
Android 7.0 7.1.1 7.1.2 8.0 8.1 - Remote Code Execution in Media Framework
CVSS 9.8
CVE-2017-15394 MEDIUM
Google Chrome < 62.0.3202.62 - Domain Spoofing via IDN Homographs in Extension Permission Dialogs
CVSS 6.5
CVE-2017-15392 MEDIUM
Google Chrome < 62.0.3202.62 - Heap Corruption via Crafted Windows Registry Entry
CVSS 4.3
CVE-2017-15390 MEDIUM
Google Chrome < 62.0.3202.62 - Domain Spoofing via IDN Homographs in Omnibox
CVSS 6.5
CVE-2017-15389 MEDIUM
Google Chrome < 62.0.3202.62 - URL Spoofing via Omnibox Manipulation
CVSS 6.5
CVE-2017-15386 MEDIUM
Google Chrome < 62.0.3202.62 - URL Spoofing via Omnibox Manipulation
CVSS 6.5
CVE-2017-12473 HIGH
ccn-lite < 2.0.0 - Denial of Service via Malformed Packet L Values
CVSS 7.5
CVE-2017-6169 MEDIUM
F5 BIG-IP Policy Enforcement Manager 11.6.0-11.6.2, 12.0.0-12.1.3, 13.0.0 - DoS via Malformed URL
CVSS 6.8
CVE-2017-18123 HIGH
DokuWiki < 2017-02-19e - Reflected File Download via AJAX Call Parameter
CVSS 8.6
CVE-2017-2296 MEDIUM
Puppet Enterprise 2017.1.x and 2017.2.1 - Denial of Service via Specially Formatted Classifier Node Group Names
CVSS 6.5
Details
Vulnerabilities 12,621
Exploit Likelihood High