CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-12287 MEDIUM
Cisco Expressway Series/Cisco VCS - DoS
CVSS 4.3
CVE-2017-12286 MEDIUM
Cisco Jabber - Authenticated Information Disclosure via Web Interface
CVSS 5.5
CVE-2017-12285 MEDIUM
Cisco Network Analysis Module Software - Path Traversal
CVSS 5.3
CVE-2017-15591 MEDIUM
Xen 4.5.x-4.9.x - Denial of Service via DMOP Map/Unmap Implementation
CVSS 6.5
CVE-2017-3759 HIGH
Lenovo Service Framework - Remote Code Execution via Improper Server Response Validation
CVSS 8.1
CVE-2017-0316 HIGH
GeForce Experience 3.x < 3.10.0.55 - Denial of Service or Privilege Escalation via Unvalidated User Input
CVSS 7.8
CVE-2017-10615 CRITICAL
Junos OS 14.1R5-14.1R8-S3, 14.1R9 and 14.1X53 < D50 - Unauthenticated Remote Code Execution via PAM
CVSS 9.8
CVE-2017-10610 HIGH
Juniper Junos OS DoS via Crafted ICMP Packet in NAT64 Tunnel
CVSS 7.5
CVE-2017-15012 HIGH
OpenText Documentum Content Server < 7.3 - Authenticated Arbitrary File Read via PUT_FILE RPC Command
CVSS 8.8
CVE-2017-11782 HIGH
Microsoft Windows 10 1607 & Windows Server 2016 - Privilege Escalation
CVSS 7.8
CVE-2017-11781 HIGH
Microsoft Windows SMB - Denial of Service via Specially Crafted Requests
CVSS 7.5
CVE-2017-11771 CRITICAL
Windows Search - Remote Code Execution via DNS Response Handling
CVSS 9.8
CVE-2017-11763 HIGH
Microsoft Graphics Component - Remote Code Execution via Embedded Font Handling
CVSS 8.8
CVE-2017-11762 HIGH
Microsoft Graphics Component - Remote Code Execution via Embedded Font Handling
CVSS 8.8
CVE-2017-15285 HIGH
X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 - Remote Code Execution via Attachments Section
CVSS 8.8
CVE-2017-8025 HIGH
RSA Archer GRC Platform < 6.2.0.5 - Unauthenticated Arbitrary File Upload via Attachment Feature
CVSS 7.4
CVE-2017-5721 HIGH
Intel NUC7i3BNK NUC7i3BNH NUC7i5BNK NUC7i5BNH NUC7i7BNH <= BN0049 - Arbitrary Code Execution via Memory Manipulation
CVSS 7.5
CVE-2017-8994 CRITICAL
HPE Operations Orchestration <10.80 - RCE
CVSS 9.8
CVE-2017-15185 MEDIUM
libmp3splt 0.9.2 - Denial of Service via Crafted OGG File
CVSS 5.0
CVE-2017-9272 HIGH
Micro Focus Bi-directional Driver < 4.0.3.0 - Denial of Service
CVSS 7.5
CVE-2017-1002153 HIGH
Koji 1.13.0 - Improper Input Validation in SCM Path Handling
CVSS 7.5
CVE-2017-14087 HIGH
Trend Micro OfficeScan XG 12.0 - Host Header Injection
CVSS 7.5
CVE-2017-12264 MEDIUM
Cisco Meeting Server - Unauthenticated Denial of Service via Malicious HTTP Packet
CVSS 5.3
CVE-2017-12246 HIGH
Cisco Adaptive Security Appliance Software - Unauthenticated Denial of Service via HTTP Header Input Validation
CVSS 8.6
CVE-2017-12244 HIGH
Cisco Firepower System Software - DoS
CVSS 8.6
Details
Vulnerabilities 12,622
Exploit Likelihood High