CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,621 vulnerabilities with CWE-20
CVE-2017-12197 MEDIUM
libpam4j <= 1.8 - Authentication Bypass via Disabled Account Validation
CVSS 6.5
CVE-2017-5699 MEDIUM
Intel MinnowBoard 3 Firmware < 0.65 - Denial of Service via UEFI API Input Validation Error
CVSS 5.5
CVE-2017-17429 MEDIUM
K7 Antivirus Premium < 15.1.0.53 - Unauthenticated Raw Disk Access via K7Sentry IOCTL
CVSS 5.5
CVE-2017-16556 MEDIUM
K7 Antivirus Premium <15.1.0.53 - Memory Corruption
CVSS 5.5
CVE-2017-13214 HIGH
Android - Denial of Service via Hardware HEVC Decoder
CVSS 7.5
CVE-2017-13198 HIGH
Android 7.0-8.1 - Denial of Service via Frame Composition Without Color Map
CVSS 7.5
CVE-2017-13194 HIGH
Android 7.0-8.1 - Denial of Service via Odd Frame Width in libvpx
CVSS 7.5
CVE-2017-13186 HIGH
Android 7.0-8.1 - Denial of Service via libavc mmco Parameter Mishandling
CVSS 7.5
CVE-2017-13176 HIGH
Android 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 - Remote Elevation of Privilege via URLStreamHandler Host Field
CVSS 8.8
CVE-2017-2158 LOW
Lhaplus < 1.7.3 - Unintended File Extraction via ZIP64 Archive Expansion
CVSS 3.3
CVE-2017-15845 HIGH
Android - Memory Leak or Buffer Overflow via Invalid WLAN Cal Data Firmware Size
CVSS 7.8
CVE-2017-15124 HIGH
QEMU < 2.11.0 - Denial of Service via Unbounded VNC Framebuffer Updates
CVSS 7.5
CVE-2017-16753 HIGH
Advantech WebAccess <8.3 - Info Disclosure
CVSS 7.5
CVE-2017-8046 CRITICAL
Spring Data REST < 2.6.9 and Spring Boot < 1.5.9 - Remote Code Execution via Malicious PATCH Request
CVSS 9.8
CVE-2017-18020 HIGH
Samsung Mobile L(5.x)-N(7.x) with Exynos - Arbitrary Code Execution in Bootloader via Ramfs Data Copy
CVSS 8.4
CVE-2017-18019 HIGH
K7 Total Security < 15.1.0.305 - Arbitrary Memory Read via K7Sentry Device Input
CVSS 7.1
CVE-2017-1000469 CRITICAL
cobbler < 2.8.2 - OS Command Injection via Add Repo Component
CVSS 9.8
CVE-2017-1000423 CRITICAL
b2evolution 6.6.0-6.8.10 - Unauthenticated Remote Code Execution via Input Validation Bypass
CVSS 9.8
CVE-2017-17967 MEDIUM
Kingsoft WPS Office 10.1.0.6930 - Denial of Service via Crafted PPT File
CVSS 5.5
CVE-2017-17952 HIGH
PHP Multivendor Ecommerce - Predictable Registration URL for Spoofed Email Registration
CVSS 8.6
CVE-2017-15667 HIGH
Flexense SysGauge Server 3.6.18 - Denial of Service via Crafted SERVER_GET_INFO Packet
CVSS 7.5
CVE-2017-13056 HIGH
PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution via Crafted PDF File
CVSS 7.8
CVE-2017-7154 MEDIUM
Apple <11.2 - Privilege Escalation/DoS
CVSS 6.6
CVE-2017-17862 MEDIUM
Linux Kernel < 4.14.8 - Denial of Service via BPF Verifier Branch Pruning Logic
CVSS 5.5
CVE-2017-17850 HIGH
Asterisk < 13.18.4, < 14.7.4, < 15.1.4, and < 13.18-cert1 - Denial of Service via Missing Contact Header in SIP Messages
CVSS 7.5
Details
Vulnerabilities 12,621
Exploit Likelihood High