CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-15944 CRITICAL KEV
Palo Alto Network PAN-OS - Remote Code Execution
CVSS 9.8
CVE-2017-10897 MEDIUM
Buffalo BBR-4HG and BBR-4MG Firmware 1.00-1.48 and 2.00-2.07 - Denial of Service
CVSS 4.5
CVE-2017-15121 MEDIUM
Red Hat Enterprise Linux 6-7 - Denial of Service via FUSE Filesystem Hole Punch
CVSS 5.5
CVE-2017-13148 MEDIUM
Android 6.0 6.0.1 7.0 7.1.1 7.1.2 8.0 - Denial of Service in libmpeg2
CVSS 6.5
CVE-2017-0878 HIGH
Android 8.0 - Remote Code Execution in Media Framework libhevc
CVSS 8.8
CVE-2017-0877 HIGH
Android 6.0 - Remote Code Execution in Media Framework libavc
CVSS 8.8
CVE-2017-0876 HIGH
Android 6.0 - Remote Code Execution in Media Framework libavc
CVSS 8.8
CVE-2017-0874 MEDIUM
Android 6.0 6.0.1 7.0 7.1.1 7.1.2 8.0 - Denial of Service in Media Framework
CVSS 6.5
CVE-2017-0873 MEDIUM
Android 6.0 6.0.1 7.0 7.1.1 7.1.2 8.0 - Denial of Service in Media Framework
CVSS 6.5
CVE-2017-0872 HIGH
Android 7.0-8.0 - Remote Code Execution in libskia
CVSS 8.8
CVE-2017-15868 HIGH
Linux Kernel < 3.19 - Local Privilege Escalation via BNEP Connection Handling
CVSS 7.8
CVE-2017-14914 CRITICAL
Android for MSM - Use-After-Free via Stale Global Client Structure Handles
CVSS 9.8
CVE-2017-14909 CRITICAL
Android for MSM - Improper Input Validation in Count Value Handling
CVSS 9.8
CVE-2017-14908 CRITICAL
Android for MSM - Improper Input Validation in SafeSwitch Test Application
CVSS 9.8
CVE-2017-15707 MEDIUM
Apache Struts 2.5-2.5.14 - Denial of Service via Malicious JSON Payload
CVSS 6.2
CVE-2017-17086 CRITICAL
Indeo Otter < 1.7.4 - Denial of Service via Script Tag Injection in Plan Editor
CVSS 9.8
CVE-2017-17065 HIGH
D-Link DIR-605L Model B <FW2.11betaB06_hbrf - DoS
CVSS 7.5
CVE-2017-12367 CRITICAL
Cisco WebEx Network Recording Player - DoS
CVSS 9.6
CVE-2017-12355 MEDIUM
Cisco IOS XR - Denial of Service via Crafted XML Requests
CVSS 5.3
CVE-2017-12338 MEDIUM
Cisco NX-OS System Software - Info Disclosure
CVSS 6.0
CVE-2017-12336 MEDIUM
Cisco NX-OS - Authenticated Command Execution via TCL Scripting Subsystem
CVSS 4.2
CVE-2017-12334 MEDIUM
Cisco NX-OS System Software - Command Injection
CVSS 6.7
CVE-2017-12328 MEDIUM
Cisco IP Phone 8800 Series - Denial of Service via Malformed SIP Packet Header
CVSS 5.8
CVE-2017-12297 MEDIUM
Cisco WebEx Meeting Center - Authenticated URL Redirection via HTTP Traffic
CVSS 5.0
CVE-2017-16952 MEDIUM
KMPlayer 4.2.2.4 - Denial of Service via Crafted NSV File
CVSS 5.5
Details
Vulnerabilities 12,622
Exploit Likelihood High