CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-12252 HIGH
Cisco FindIT Network Discovery Utility - DLL Preloading
CVSS 7.8
CVE-2017-12250 MEDIUM
Cisco Wide Area Application Services - Unauthenticated Denial of Service via HTTP Request Input Validation
CVSS 5.3
CVE-2017-12215 HIGH
Cisco AsyncOS - Denial of Service via Email Message Filtering
CVSS 7.1
CVE-2017-12214 HIGH
Cisco Unified Customer Voice Portal 10.5, 11.0, 11.5 - Authenticated Privilege Escalation via OAMP Credential Reset
CVSS 8.8
CVE-2017-14617 HIGH
Poppler 0.59.0 - Denial of Service via Floating Point Exception in ImageStream
CVSS 7.8
CVE-2017-9804 HIGH
Apache Struts 2.3.7-2.3.33, 2.5-2.5.12 - DoS
CVSS 7.5
CVE-2017-9793 HIGH
Apache Struts 2.1.x 2.3.7-2.3.33 2.5-2.5.12 - Denial of Service via Malicious XML Payload
CVSS 7.5
CVE-2017-12611 CRITICAL
Apache Struts 2.0.0-2.3.33 and 2.5-2.5.10.1 - Remote Code Execution via Freemarker Tag Expression
CVSS 9.8
CVE-2017-7924 HIGH
DoS Exploitation of Allen-Bradley
CVSS 7.5
CVE-2017-14604 MEDIUM
GNOME Nautilus <3.23.90 - Info Disclosure
CVSS 6.5
CVE-2017-6315 CRITICAL
Astaro Security Gateway 7 - Remote Code Execution via index.plx Request
CVSS 9.8
CVE-2017-10700 CRITICAL
QNAP QTS - Unauthenticated Remote Code Execution in MediaLibrary Component
CVSS 9.8
CVE-2017-9333 HIGH
OpenWebif 1.2.5 - Remote Code Execution via CallOPKG Function URL Parameter
CVSS 8.8
CVE-2017-14520 HIGH
Poppler 0.59.0 - Denial of Service via Floating Point Exception in Splash::scaleImageYuXd()
CVSS 7.8
CVE-2017-14518 HIGH
Poppler 0.59.0 - Denial of Service via Crafted PDF Document
CVSS 7.8
CVE-2017-14511 HIGH
SAP E-Recruiting <617 - Auth Bypass
CVSS 7.5
CVE-2017-14509 HIGH
SugarCRM < 7.7.2.3, 7.8.x < 7.8.2.2, 7.9.x < 7.9.2.0 - Authenticated Remote File Inclusion via Connectors Module
CVSS 8.8
CVE-2017-14489 MEDIUM
Linux Kernel < 4.13.2 - Denial of Service via iscsi_if_rx Length Validation
CVSS 5.5
CVE-2017-1556 MEDIUM
IBM API Connect 5.0.7.0-5.0.7.2 - Authenticated Denial of Service via Regular Expression Attack
CVSS 6.5
CVE-2017-14430 HIGH
D-Link DIR-850L REV. A FW114WWb07_h2ab_beta1 and REV. B FW208WWb02 - Denial of Service via Crafted LAN Traffic
CVSS 7.5
CVE-2017-8754 MEDIUM
Microsoft Edge - Security Feature Bypass via Content Security Policy Validation
CVSS 4.2
CVE-2017-8723 MEDIUM
Microsoft Edge - Security Feature Bypass via Crafted Document CSP Validation
CVSS 4.3
CVE-2017-8714 HIGH
Windows Hyper-V - Remote Code Execution via Improper Input Validation
CVSS 7.8
CVE-2017-8704 MEDIUM
Windows Hyper-V - Denial of Service via Improper Input Validation
CVSS 5.3
CVE-2017-8699 HIGH
Windows Shell - Remote Code Execution via File Copy Destination Validation
CVSS 7.0
Details
Vulnerabilities 12,622
Exploit Likelihood High