CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-2709 MEDIUM
HiGame < 7.3.0 and SkyTone < 8.1.1 - Denial of Service via Malformed Packet Input
CVSS 5.5
CVE-2017-11402 CRITICAL
Belden Tofino Xenon Security Appliance Firmware < 3.1.0 - Firewall Bypass via OPC Dynamic Port Shift
CVSS 9.8
CVE-2017-1000230 HIGH
Snap7 Server 1.4.1 - Denial of Service via ReadVar/WriteVar ItemCount Field
CVSS 7.5
CVE-2017-16845 CRITICAL
Qemu < 2.11.2 - Out-of-Bounds Access in PS2 Migration Handler
CVSS 10.0
CVE-2017-13703 HIGH
MOXA EDS-G512E 5.1 build 16072215 - Denial of Service
CVSS 7.5
CVE-2017-1000169 CRITICAL
QuickerBB <= 0.7.2 - Arbitrary File Write and Remote Code Execution
CVSS 9.8
CVE-2017-1000247 HIGH
CodeIgniter 3.1.3 - HTTP Header Injection via set_status_header()
CVSS 7.5
CVE-2017-1000228 CRITICAL
ejs < 2.5.3 - Remote Code Execution via Weak Input Validation in ejs.renderFile()
CVSS 9.8
CVE-2017-1000189 HIGH
ejs < 2.5.5 - Denial of Service via Weak Input Validation in ejs.renderFile()
CVSS 7.5
CVE-2017-1000201 MEDIUM
tcmu-runner 1.0.5-1.2.0 - Local Denial of Service
CVSS 5.5
CVE-2017-0858 HIGH
Android 7.0 7.1.1 7.1.2 8.0 - Remote Code Execution in Media Framework
CVSS 7.5
CVE-2017-11027 HIGH
Android for MSM - Uninitialized Data Access via UBI Image Flashing
CVSS 7.8
CVE-2017-4931 HIGH
VMware AirWatch Console <9.2.0 - Privilege Escalation
CVSS 7.8
CVE-2017-12313 MEDIUM
Cisco Network Academy Packet Tracer - Code Injection
CVSS 6.7
CVE-2017-12312 MEDIUM
Cisco Advanced Malware Protection for Endpoints - Authenticated DLL Hijacking via Untrusted Search Path
CVSS 6.7
CVE-2017-12311 MEDIUM
Cisco Meeting Server - Denial of Service via Malformed H.264 Frame
CVSS 5.8
CVE-2017-12300 MEDIUM
Cisco Firepower System Software - Auth Bypass
CVSS 5.8
CVE-2017-12299 MEDIUM
Cisco ASA Next-Generation Firewall Services - SSRF
CVSS 5.3
CVE-2017-16837 HIGH
Trusted Boot through 1.9.6 - Arbitrary Code Execution via Unvalidated Function Pointers
CVSS 7.8
CVE-2017-15270 MEDIUM
psftpd 10.0.4 Build 729 - Log Injection via CSV Escape Bypass
CVSS 5.3
CVE-2017-14961 HIGH
IKARUS anti.virus 2.16.7 - Arbitrary Write via ntguard.sys IOCtl 0x8300000c
CVSS 7.8
CVE-2017-8815 HIGH
MediaWiki < 1.27.4, 1.28.x < 1.28.3, 1.29.x < 1.29.2 - Attribute Injection via Language Converter Glossary Rules
CVSS 7.5
CVE-2017-8814 HIGH
MediaWiki < 1.27.4, 1.28.x < 1.28.3, 1.29.x < 1.29.2 - Text Injection via Language Converter Rule Definition
CVSS 7.5
CVE-2017-8811 MEDIUM
MediaWiki < 1.27.4, 1.28.x < 1.28.3, 1.29.x < 1.29.2 - HTML Mangling via Raw Message Parameter Expansion
CVSS 6.1
CVE-2017-11863 MEDIUM
Microsoft Edge - Security Feature Bypass via CSP Validation
CVSS 6.1
Details
Vulnerabilities 12,622
Exploit Likelihood High