CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-11099 HIGH
SWFTools 0.9.2 - Denial of Service via Crafted File in wav2swf
CVSS 8.8
CVE-2017-11098 HIGH
SWFTools 0.9.2 - Denial of Service via Crafted PNG File in png2swf
CVSS 8.8
CVE-2017-7950 MEDIUM
Nitro Pro < 11.0.3 - Denial of Service via Crafted PCX File
CVSS 5.5
CVE-2017-0696 MEDIUM
Android 6.0 6.0.1 7.0 7.1.1 7.1.2 - Denial of Service in Media Framework
CVSS 5.5
CVE-2017-0694 MEDIUM
Android 4.4.4 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 7.1.2 - Denial of Service in Media Framework
CVSS 5.5
CVE-2017-0689 MEDIUM
Android 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 7.1.2 - Denial of Service in Media Framework
CVSS 5.5
CVE-2017-0676 HIGH
Android 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 7.1.2 - Remote Code Execution in Media Framework
CVSS 7.8
CVE-2017-0675 HIGH
Android 6.0.1 7.0 7.1.1 7.1.2 - Remote Code Execution in Media Framework
CVSS 7.8
CVE-2017-0674 HIGH
Android 6.0 6.0.1 7.0 7.1.1 7.1.2 - Remote Code Execution in Media Framework
CVSS 7.8
CVE-2017-0672 MEDIUM
Android 7.0 7.1.1 7.1.2 - Denial of Service in Libraries
CVSS 5.5
CVE-2017-0667 HIGH
Android <7.1.2 - Privilege Escalation
CVSS 7.8
CVE-2017-0665 HIGH
Android <7.1.2 - Privilege Escalation
CVSS 7.8
CVE-2017-9524 HIGH
QEMU < 2.9.1 - Denial of Service via NBD Server Initialization Failure
CVSS 7.5
CVE-2017-1236 MEDIUM
IBM WebSphere MQ 9.0.2 - Authenticated Denial of Service via Channel Status Inquiry
CVSS 6.5
CVE-2017-10923 MEDIUM
Xen through 4.8.x - Denial of Service via Invalid vCPU Array Index in SGI Handling
CVSS 6.5
CVE-2017-10918 CRITICAL
Xen < 4.8.1 - Privilege Escalation via P2M Memory Allocation
CVSS 10.0
CVE-2017-6721 MEDIUM
Cisco Wide Area Application Services - Denial of Service via Fragmented TCP Packet Processing
CVSS 5.3
CVE-2017-6719 MEDIUM
Cisco IOS XR Software - Command Injection
CVSS 6.7
CVE-2017-6718 MEDIUM
Cisco IOS XR Software - Privilege Escalation
CVSS 6.7
CVE-2017-5944 HIGH
Request Tracker 4.x < 4.0.25, 4.2.x < 4.2.14, 4.4.x < 4.4.2 - Remote Code Execution via Dashboard
CVSS 8.8
CVE-2017-2298 MEDIUM
mcollective-sshkey-security <0.5.1 - Path Traversal
CVSS 6.5
CVE-2017-10674 MEDIUM
Antiy Antivirus Engine 5.0.0.06281654 - Denial of Service via Long DeviceIoControl Argument
CVSS 5.5
CVE-2017-10688 HIGH
LibTIFF 4.0.8 - Denial of Service via TIFFWriteDirectoryTagCheckedLong8Array Assertion Abort
CVSS 7.5
CVE-2017-4997 CRITICAL
EMC VASA Provider Virtual Appliance <8.3 - RCE
CVSS 9.8
CVE-2017-9982 HIGH
TeamSpeak Client 3.0.19 - Denial of Service via Unicode Character Sequence
CVSS 7.5
Details
Vulnerabilities 12,622
Exploit Likelihood High