CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-10952 HIGH
Foxit Reader 8.2.0.2051 - Arbitrary File Write via saveAs JavaScript Function
CVSS 8.8
CVE-2017-13735 HIGH
LibRaw 0.18.2 - Denial of Service via Floating Point Exception in kodak_radc_load_raw
CVSS 7.5
CVE-2017-13685 MEDIUM
SQLite 3.20.0 - Denial of Service via Crafted File
CVSS 5.5
CVE-2017-2254 MEDIUM
Cybozu Garoon 3.5.0-4.2.5 - Denial of Service via Application Menu Edit Function
CVSS 4.9
CVE-2017-13709 HIGH
FlightGear - Arbitrary File Write via Global Property Tree Manipulation
CVSS 7.5
CVE-2017-12595 HIGH
qpdf 6.0.0 and 7.0.b1 - Denial of Service via Deep PDF Data Structure
CVSS 7.8
CVE-2017-13692 HIGH
Tidy 5.5.31 - Denial of Service via Invalid ISALNUM Argument
CVSS 7.5
CVE-2017-13147 HIGH
GraphicsMagick 1.3.26 - Denial of Service via MNG MEND Chunk Length Handling
CVSS 8.8
CVE-2017-13145 MEDIUM
ImageMagick < 6.9.8-8 and 7.x < 7.0.5-9 - Denial of Service via JP2 Channel Geometry Validation
CVSS 6.5
CVE-2017-13144 MEDIUM
ImageMagick < 6.9.7-9 - Denial of Service via Large Image Dimensions
CVSS 6.5
CVE-2017-12843 MEDIUM
Cyrus IMAP < 3.0.3 - Authenticated Arbitrary File Write via SYNCAPPLY, SYNCGET, or SYNCRESTORE Command
CVSS 6.5
CVE-2017-13061 MEDIUM
ImageMagick 7.0.6-5 - Denial of Service via ReadPSDLayersInternal Length Validation
CVSS 6.5
CVE-2017-12784 HIGH
Youngzsoft CC File Transfer 3.6 - Unauthenticated Denial of Service via Malformed HTTP Request Header
CVSS 7.5
CVE-2017-12976 HIGH
git-annex < 6.20170520 - Remote Code Execution via SSH URL Hostname Injection
CVSS 8.8
CVE-2017-12961 HIGH
GNU PSPP - Denial of Service via Assertion Abort in parse_attributes Function
CVSS 7.5
CVE-2017-8260 HIGH
Qualcomm Android Kernel - Out-of-Bounds Write via Type Downcast Validation Bypass
CVSS 7.8
CVE-2017-12859 MEDIUM
NetApp Data ONTAP < 8.2.4 - Denial of Service in 7-Mode NFS Environment
CVSS 5.9
CVE-2017-12939 CRITICAL
Unity Editor < 5.3.8p2, 5.4.x < 5.4.5p5, 5.5.x < 5.5.4p3, 5.6.x < 5.6.3p1, 2017.x < 2017.1.0p4 - Remote Code Execution
CVSS 9.8
CVE-2017-6785 MEDIUM
Cisco Unified Communications Manager - Privilege Escalation
CVSS 4.3
CVE-2017-6773 MEDIUM
Cisco ASR 5000 Series StarOS 21.0.v0.65839 - Authenticated Command Injection via CLI Input Sanitization Bypass
CVSS 6.7
CVE-2017-12426 HIGH
GitLab CE/EE <8.17.8, <9.0.13, <9.1.10, <9.2.10, <9.3.10, <9.4.4 - RCE
CVSS 8.8
CVE-2017-9800 CRITICAL
Subversion <1.8.19, 1.9.x <1.9.7, 1.10.0.x <=1.10.0-alpha3 - RCE
CVSS 9.8
CVE-2017-3752 HIGH
IBM and Lenovo Fabric Firmware - OSPF Routing Table Manipulation via Improper Input Validation
CVSS 8.2
CVE-2017-0724 MEDIUM
Android 6.0 6.0.1 7.0 7.1.1 7.1.2 - Denial of Service in Media Framework
CVSS 5.5
CVE-2017-0721 HIGH
Android 6.0 6.0.1 7.0 7.1.1 7.1.2 - Remote Code Execution in libmpeg2
CVSS 7.8
Details
Vulnerabilities 12,622
Exploit Likelihood High