CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-8682 HIGH
Microsoft Office 2007 - Improper Input Validation
CVSS 8.8
CVE-2017-1519 MEDIUM
IBM DB2 10.5-11.1 - Denial of Service
CVSS 5.9
CVE-2017-14344 HIGH
Jungos WinDriver <12.4.0 - Privilege Escalation
CVSS 7.8
CVE-2017-14335 HIGH
Beijing Hanbang Hanbanggaoke - Info Disclosure
CVSS 7.5
CVE-2017-14231 MEDIUM
GeniXCMS < 1.1.0 - Denial of Service via Username Substring Handling
CVSS 5.3
CVE-2017-14230 CRITICAL
Cyrus IMAP <3.0.4 - Info Disclosure
CVSS 9.1
CVE-2017-6795 MEDIUM
Cisco IOS XE - Privilege Escalation
CVSS 4.4
CVE-2017-6794 MEDIUM
Cisco Meeting Server - Command Injection
CVSS 6.7
CVE-2017-6792 MEDIUM
Cisco Prime Collaboration Provisioning Tool - Privilege Escalation
CVSS 6.5
CVE-2017-12223 MEDIUM
Cisco IR800 Router Firmware - Unauthenticated RCE via ROMMON Variable Manipulation
CVSS 6.4
CVE-2017-12218 MEDIUM
Cisco AsyncOS Software - Info Disclosure
CVSS 5.8
CVE-2017-12217 MEDIUM
Cisco ASR 5500 System Architecture Evolution Gateway - Denial of Service via GPRS Tunneling Protocol Packet Header
CVSS 5.3
CVE-2017-14169 HIGH
FFmpeg 2.4-3.3.3 - Integer Signedness Error in MXF Primer Pack Parser
CVSS 8.8
CVE-2017-14098 HIGH
Asterisk 13.x < 13.17.1 and 14.x < 14.6.1 - Denial of Service via Crafted PJSIP tel URI
CVSS 7.5
CVE-2017-12874 HIGH
SimpleSAMLphp InfoCard Module < 1.0.1 - XML Signature Validation Spoofing
CVSS 7.5
CVE-2017-14105 HIGH
HiveManager Classic through 8.1r1 - Authenticated Arbitrary JSP Code Execution via Backup Archive Restore
CVSS 7.8
CVE-2017-3898 MEDIUM
McAfee LiveSafe <16.0.3 - Privilege Escalation
CVSS 5.9
CVE-2017-12869 HIGH
SimpleSAMLphp < 1.14.13 - Authentication Bypass via Multiauth Module Input Validation
CVSS 7.5
CVE-2017-0901 HIGH
RubyGems < 2.6.13 - Arbitrary File Write via Specification Name Validation Bypass
CVSS 7.5
CVE-2017-0900 HIGH
RubyGems < 2.6.12 - Denial of Service via Malicious Gem Specification
CVSS 7.5
CVE-2017-14063 HIGH
async-http-client < 2.0.35 - Server-Side Request Forgery via Fragment Identifier
CVSS 7.5
CVE-2017-9945 MEDIUM
Siemens 7KM PAC Switched Ethernet PROFINET Expansion Module < V2.1.3 - DoS via PROFINET DCP Broadcast
CVSS 6.5
CVE-2017-13767 HIGH
Wireshark 2.4.0 2.2.0-2.2.8 2.0.0-2.0.14 - Denial of Service via MSDP Dissector Infinite Loop
CVSS 7.5
CVE-2017-1428 MEDIUM
IBM Cognos Analytics 11.0 - Clickjacking via Malicious Web Site
CVSS 6.1
CVE-2017-12775 HIGH
Question2Answer < 1.7.4 - Unauthenticated User Account Creation via qa-install.php
CVSS 7.5
Details
Vulnerabilities 12,622
Exploit Likelihood High