CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-0712 HIGH
Android <7.1.2 - Privilege Escalation
CVSS 7.8
CVE-2017-1357 MEDIUM
IBM Maximo Asset Mgmt <7.6 - Privilege Escalation
CVSS 4.3
CVE-2017-5695 MEDIUM
Intel SSD 540s/Pro 5400s/E 5400s Firmware - Data Corruption via Improper Input Validation
CVSS 4.6
CVE-2017-8664 HIGH
Windows Hyper-V - Remote Code Execution via Improper Input Validation
CVSS 8.8
CVE-2017-8623 MEDIUM
Windows Hyper-V (>=Windows 10 1607, 1703, and Windows Server 2016) - Denial of Service via Improper Input Validation
CVSS 6.8
CVE-2017-9938 HIGH
SIMATIC Logon < V1.6 - Denial of Service via Crafted Packets to Remote Access Service
CVSS 7.5
CVE-2017-12676 MEDIUM
ImageMagick 7.0.6-3 - Denial of Service via Memory Leak in ReadOneJNGImage
CVSS 6.5
CVE-2017-12670 MEDIUM
ImageMagick 7.0.6-3 - Denial of Service via Missing Validation in MAT Coder
CVSS 6.5
CVE-2017-9801 HIGH
Apache Commons Email <1.5 - Info Disclosure
CVSS 7.5
CVE-2017-6770 MEDIUM
Cisco NX-OS 4.0-12.0 - Unauthenticated OSPF Routing Table Manipulation via Crafted LSA Type 1 Packets
CVSS 4.2
CVE-2017-6763 HIGH
Cisco Meeting Server 2.1.4 - Unauthenticated Denial of Service via H.264 FU-A Packet
CVSS 7.5
CVE-2017-6759 MEDIUM
Cisco Prime Collaboration Provisioning Tool 12.1 - Authenticated Arbitrary File Write via Upgrade Package Installation
CVSS 6.5
CVE-2017-11394 CRITICAL
Trend Micro OfficeScan 11 and XG (12) - Remote Code Execution via Proxy.php T Parameter
CVSS 9.8
CVE-2017-11393 CRITICAL
Trend Micro OfficeScan 11 and XG (12) - Remote Code Execution via Proxy.php tr Parameter
CVSS 9.8
CVE-2017-8390 CRITICAL
PAN-OS < 6.1.18, 7.x < 7.0.16, 7.1.x < 7.1.11, 8.x < 8.0.3 - Remote Code Execution via DNS Proxy
CVSS 9.8
CVE-2017-12145 MEDIUM
libquicktime 1.2.4 - Denial of Service via Crafted File in quicktime_read_ftyp
CVSS 6.5
CVE-2017-12143 MEDIUM
libquicktime 1.2.4 - Denial of Service via Crafted File in quicktime_read_info
CVSS 6.5
CVE-2017-8571 HIGH
Microsoft Outlook 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016 - Security Feature Bypass via Input Handling
CVSS 7.8
CVE-2017-1460 HIGH
IBM i 6.1-7.3 - Denial of Service via OSPF LSA Spoofing
CVSS 7.5
CVE-2017-9497 MEDIUM
Motorola MX011ANM - Command Injection
CVSS 6.8
CVE-2017-6256 HIGH
NVIDIA Windows GPU Display Driver - Denial of Service or Privilege Escalation via DxgkDdiEscape Handler
CVSS 7.8
CVE-2017-6255 HIGH
NVIDIA Windows GPU Display Driver - Denial of Service or Privilege Escalation via DxgkDdiEscape Handler
CVSS 7.8
CVE-2017-6254 HIGH
NVIDIA Windows GPU Display Driver - DoS or Privilege Escalation via DxgkDdiEscape Handler
CVSS 7.8
CVE-2017-11183 MEDIUM
GLPI < 9.1.4 - Authenticated Arbitrary File Deletion via Backup File Parameter
CVSS 4.9
CVE-2017-11665 HIGH
FFmpeg 3.3.2 - Denial of Service via Crafted RTMP Stream
CVSS 7.5
Details
Vulnerabilities 12,622
Exploit Likelihood High