CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,621 vulnerabilities with CWE-20
CVE-2017-18077 HIGH
brace-expansion < 1.1.7 - Regular Expression Denial of Service via Comma Character Input
CVSS 7.5
CVE-2017-1516 MEDIUM
IBM Engineering Requirements Management DOORS 9.5.0.0-9.5.0.6 - Clickjacking via Malicious Website
CVSS 5.4
CVE-2017-1000402 MEDIUM
Jenkins Swarm Plugin Client <3.4 - Man-in-the-middle
CVSS 5.9
CVE-2017-1000401 LOW
Jenkins 2.73.1-2.83 - Info Disclosure
CVSS 2.2
CVE-2017-1000397 MEDIUM
Jenkins Maven Plugin <2.17 - Man-in-the-middle
CVSS 5.9
CVE-2017-1000394 HIGH
Jenkins < 2.73.1 and < 2.83 - Denial of Service via Commons-Fileupload Library
CVSS 7.5
CVE-2017-1000391 HIGH
Jenkins <2.88 & <2.73.2 - Info Disclosure
CVSS 7.3
CVE-2017-12187 CRITICAL
xorg-x11-server <1.19.5 - RCE
CVSS 9.8
CVE-2017-12186 CRITICAL
xorg-x11-server <1.19.5 - RCE
CVSS 9.8
CVE-2017-12185 CRITICAL
xorg-x11-server <1.19.5 - RCE
CVSS 9.8
CVE-2017-12184 CRITICAL
xorg-x11-server <1.19.5 - RCE
CVSS 9.8
CVE-2017-12183 CRITICAL
xorg-x11-server <1.19.5 - RCE
CVSS 9.8
CVE-2017-12182 CRITICAL
xorg-x11-server <1.19.5 - RCE
CVSS 9.8
CVE-2017-12181 CRITICAL
xorg-x11-server <1.19.5 - RCE
CVSS 9.8
CVE-2017-12180 CRITICAL
xorg-x11-server <1.19.5 - RCE
CVSS 9.8
CVE-2017-12178 CRITICAL
xorg-x11-server <1.19.5 - RCE
CVSS 9.8
CVE-2017-12176 CRITICAL
xorg-x11-server <1.19.5 - RCE
CVSS 9.8
CVE-2017-15697 CRITICAL
Apache NiFi 1.0.0-1.4.0 - Remote Code Execution via X-ProxyContextPath or X-Forwarded-Context Header
CVSS 9.8
CVE-2017-12632 HIGH
Apache NiFi < 1.5.0 - Server-Side Request Forgery via Host Header
CVSS 7.5
CVE-2017-2750 CRITICAL
HP L2683a Firmware < 2405087_018552 - Improper Input Validation
CVSS 9.8
CVE-2017-15105 MEDIUM
Unbound < 1.6.8 - Improperly Implemented Security Check for Standard
CVSS 5.3
CVE-2017-15093 MEDIUM
PowerDNS Recursor 3.0-3.7.4 - Authenticated Configuration Injection via API
CVSS 5.3
CVE-2017-16594 MEDIUM
NetGain Systems Enterprise Manager <7.2.730 build 1034 - RCE
CVSS 6.5
CVE-2017-7325 HIGH
Yandex Browser < 16.9.0 - Address Bar Spoofing via window.open
CVSS 7.5
CVE-2017-17860 MEDIUM
Google Android - Improper Input Validation
CVSS 5.7
Details
Vulnerabilities 12,621
Exploit Likelihood High