CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-7522 MEDIUM
OpenVPN < 2.4.3 and < 2.3.17 - Authenticated Denial of Service via Certificate with Embedded NULL Character
CVSS 6.5
CVE-2017-6662 HIGH
Cisco Prime Infrastructure 1.1-3.1.6 & Evolved Programmable Network Manager 1.2-2.1 - Authenticated RCE via XXE
CVSS 8.0
CVE-2017-9773 MEDIUM
Horde_Image 2.x - Denial of Service via Null Image Driver
CVSS 5.7
CVE-2017-9778 MEDIUM
GDB < 8.0 - Denial of Service via Negative DWARF Section Length
CVSS 5.5
CVE-2017-3098 CRITICAL
Adobe Captivate <= 9 - Remote Code Execution and Arbitrary File Write via Quiz Reporting Feature
CVSS 9.8
CVE-2017-9741 CRITICAL
ProjectSend r754 - Remote Code Execution via dbprefix Parameter
CVSS 9.8
CVE-2017-9675 HIGH
D-Link DIR-605L <2.08UIBetaB01.bin - DoS
CVSS 7.5
CVE-2017-8555 MEDIUM
Microsoft Edge - Security Feature Bypass via Improper CSP Validation
CVSS 4.3
CVE-2017-8545 MEDIUM
Microsoft Outlook for Mac - Spoofing via Improper HTML Sanitization
CVSS 6.5
CVE-2017-7676 CRITICAL
Apache Ranger <0.7.1 - Path Traversal
CVSS 9.8
CVE-2017-7369 HIGH
Android - Kernel Stack Corruption via ALSA Array Index Validation
CVSS 7.8
CVE-2017-7366 MEDIUM
Android <Linux Kernel - Buffer Overflow
CVSS 5.5
CVE-2017-6690 MEDIUM
Cisco ASR 5000 Series StarOS - Authenticated Arbitrary File Write via File Check Operation
CVSS 4.9
CVE-2017-6680 HIGH
Cisco Ultra Services Framework 21.0.0 - Unauthenticated Arbitrary Directory Creation via AutoVNF Logging Function
CVSS 7.5
CVE-2017-6674 HIGH
Cisco Firepower System Software 6.0.1-6.2.1 - Unauthenticated URL Filter Bypass via Feature-License Management
CVSS 7.5
CVE-2017-6671 HIGH
Cisco Email Security Appliance - Unauthenticated Filter Bypass via Email Message Scanning
CVSS 7.5
CVE-2017-6667 CRITICAL
Cisco Context Service SDK - Unauthenticated Remote Code Execution via Dynamic JAR File Update
CVSS 9.8
CVE-2017-6656 MEDIUM
Cisco IP Phone 8800 Series - Unauthenticated Denial of Service via SIP Call Handling
CVSS 5.9
CVE-2017-4994 HIGH
Cloud Foundry Foundation cf-release <v263 - Info Disclosure
CVSS 7.5
CVE-2017-2773 CRITICAL
PCF Elastic Runtime <1.6.60/1.7.41/1.8.23/1.9.1 - Unauthenticated JWT Impersonation
CVSS 9.8
CVE-2017-2179 HIGH
AppGoat < 3.0.2 - Remote Code Execution
CVSS 8.8
CVE-2017-9022 HIGH
strongSwan < 5.5.3 - Denial of Service via RSA Public Key Validation in gmp Plugin
CVSS 7.5
CVE-2017-6638 HIGH
Cisco AnyConnect Secure Mobility Client < 4.4.02034 - Authenticated Local Privilege Escalation via DLL Hijacking
CVSS 7.8
CVE-2017-7564 HIGH
ARM Trusted Firmware <= 1.3 - Denial of Service via Debug Exception Handling
CVSS 7.5
CVE-2017-1000368 HIGH
Todd Miller's sudo <1.8.20p1 - Info Disclosure, Command Injection
CVSS 8.2
Details
Vulnerabilities 12,622
Exploit Likelihood High