CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-11346 CRITICAL
ManageEngine Desktop Central < 10.0 - Remote Code Execution via Help Desk Video Upload
CVSS 9.8
CVE-2017-11342 HIGH
libsass 3.4.5 - Denial of Service via Illegal Address Access in ast.cpp
CVSS 7.5
CVE-2017-11340 MEDIUM
Exiv2 0.26 - Denial of Service via XmpParser::terminate() Segmentation Fault
CVSS 6.5
CVE-2017-10605 HIGH
Juniper Junos OS 12.1X46 < D67, 12.3X48 < D50, 15.1X49 < D91/D100 - Denial of Service via Crafted DHCP Packet
CVSS 8.6
CVE-2017-1000048 HIGH
ljharb's qs module <6.3.2 - DoS
CVSS 7.5
CVE-2017-1000039 CRITICAL
Framadate 1.0 - Info Disclosure, Code Execution
CVSS 9.8
CVE-2017-1000018 HIGH
phpMyAdmin 4.0-4.0.10.18, 4.6-4.6.5 - Denial of Service via Replication Status Table Name
CVSS 7.5
CVE-2017-1000016 HIGH
phpMyAdmin 4.6.0-4.6.5 - Arbitrary Cookie Injection via Improper Input Validation
CVSS 7.5
CVE-2017-1000014 HIGH
phpMyAdmin 4.0, 4.4, 4.6 - Denial of Service in Table Editing Functionality
CVSS 7.5
CVE-2017-1000001 HIGH
FedMsg < 0.18.1 - Improper Input Validation
CVSS 7.5
CVE-2017-9788 CRITICAL
Apache httpd <2.2.34 & 2.4.x <2.4.27 - Info Disclosure
CVSS 9.1
CVE-2017-7672 MEDIUM
Apache Struts 2.5.0-2.5.10.1 - Denial of Service via URLValidator
CVSS 5.9
CVE-2017-1285 MEDIUM
IBM WebSphere MQ 9.0.1-9.0.2 - Authenticated Denial of Service via Crafted Message
CVSS 6.5
CVE-2017-8611 MEDIUM
Microsoft Edge - Spoofing via Crafted Web Content
CVSS 6.5
CVE-2017-8602 MEDIUM
Microsoft Edge and Internet Explorer - Spoofing via HTTP Content Parsing
CVSS 6.5
CVE-2017-8599 MEDIUM
Microsoft Edge - Security Feature Bypass via Improper CSP Validation
CVSS 6.5
CVE-2017-8585 HIGH
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 - Denial of Service via Specially Crafted Requests
CVSS 7.5
CVE-2017-8566 HIGH
Microsoft Windows 1607, 1703, and Windows Server 2016 - Elevation of Privilege via IME DCOM Method
CVSS 7.0
CVE-2017-7730 HIGH
iSmartAlarm CubeOne Firmware - Denial of Service via SYN Flood on Port 12345
CVSS 7.5
CVE-2017-6735 MEDIUM
Cisco FireSIGHT System Software 6.2.0-6.2.1 - Authenticated Remote Code Execution via Backup and Restore Functionality
CVSS 6.7
CVE-2017-6727 MEDIUM
Cisco Wide Area Application Services 6.2(3a) - Unauthenticated Denial of Service via SMB Protocol
CVSS 5.3
CVE-2017-9791 CRITICAL KEV
Apache Struts 2.1.x and 2.3.x - Remote Code Execution via ActionMessage Field Value
CVSS 9.8
CVE-2017-11112 HIGH
ncurses 6.0 - Denial of Service via Terminfo Data Parsing
CVSS 7.5
CVE-2017-11104 MEDIUM
Knot DNS < 2.4.5 and 2.5.x < 2.5.2 - TSIG Authentication Bypass via Improper Validity Period Check
CVSS 5.9
CVE-2017-11102 HIGH
GraphicsMagick 1.3.26 - Denial of Service via Zero-Length JNG Color Image
CVSS 7.5
Details
Vulnerabilities 12,622
Exploit Likelihood High