CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-14388 HIGH
Cloud Foundry Foundation GrootFS <0.30.0 - Code Injection
CVSS 7.8
CVE-2017-13849 MEDIUM
iPhone OS < 11.1 - Denial of Service in CoreText via Crafted Text File
CVSS 5.5
CVE-2017-13809 HIGH
macOS < 10.13.1 - Remote Code Execution via AppleScript osadecompile Mishandling
CVSS 7.8
CVE-2017-13807 HIGH
macOS < 10.13.1 - Remote Code Execution or Denial of Service via Crafted QuickTime File
CVSS 7.8
CVE-2017-13804 MEDIUM
iPhone OS < 11.1, macOS < 10.13.1, tvOS < 11.1, watchOS < 4.1 - Arbitrary File Write via Crafted ZIP Archive
CVSS 5.5
CVE-2017-13790 MEDIUM
Safari < 11.0 - Address Bar Spoofing via Crafted Web Site
CVSS 6.5
CVE-2017-13789 MEDIUM
Safari < 11.0 - Address Bar Spoofing via Crafted Website
CVSS 6.5
CVE-2017-12802 MEDIUM
libebml2 < 2012-08-26 - Denial of Service via Crafted MKV File
CVSS 6.5
CVE-2017-12801 MEDIUM
libebml2 < 2012-08-26 - Denial of Service via Crafted MKV File
CVSS 6.5
CVE-2017-12783 MEDIUM
libebml2 < 2012-08-26 - Denial of Service via Crafted MKV File
CVSS 6.5
CVE-2017-12782 MEDIUM
libebml2 < 2012-08-26 - Denial of Service via Crafted MKV File
CVSS 6.5
CVE-2017-11461 MEDIUM
NetApp OnCommand Unified Manager - CSRF
CVSS 4.3
CVE-2017-16637 MEDIUM
Vectura Perfect Privacy VPN Manager <1.10.11 - Use After Free
CVSS 4.4
CVE-2017-14025 MEDIUM
ABB FOX515T 1.0 - Unauthenticated Arbitrary File Read via Improper Input Validation
CVSS 5.5
CVE-2017-14023 MEDIUM
Siemens SIMATIC PCS 7 <V8.1 SP1 - Auth Bypass
CVSS 4.9
CVE-2017-11177 HIGH
TRITON AP-EMAIL 8.2 - Unauthenticated Path Traversal
CVSS 7.5
CVE-2017-16547 HIGH
GraphicsMagick 1.3.26 - Denial of Service via DrawImage Function
CVSS 8.8
CVE-2017-16538 MEDIUM
Linux Kernel <= 4.13.11 - Denial of Service via Crafted USB Device in lmedm04 Driver
CVSS 6.6
CVE-2017-16237 HIGH
Vir.IT eXplorer Anti-Virus <8.5.42 - Buffer Overflow
CVSS 7.8
CVE-2017-12277 HIGH
Cisco Firepower < - Command Injection
CVSS 8.8
CVE-2017-12276 HIGH
Cisco Prime Collaboration Provisioning - SQL Injection
CVSS 8.1
CVE-2017-12275 HIGH
Cisco Wireless LAN Controllers - DoS
CVSS 7.4
CVE-2017-12274 MEDIUM
Cisco Aironet 1560, 2800, and 3800 Series Access Points - Unauthenticated Denial of Service via Malformed EAP Frame
CVSS 6.5
CVE-2017-12273 MEDIUM
Cisco Aironet 1560/2800/3800 Series DoS via Malformed 802.11 Association Request
CVSS 6.5
CVE-2017-1000122 MEDIUM
WebKitGTK+ < 2.16.3 - Denial of Service via UNIX IPC Message Metadata
CVSS 5.3
Details
Vulnerabilities 12,622
Exploit Likelihood High