CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-9046 HIGH
Pegasus Mail <4.72 build 572 - Code Injection
CVSS 7.3
CVE-2017-9091 HIGH
Allen Disk 1.6 - CAPTCHA Bypass via Empty Captcha Parameter
CVSS 7.5
CVE-2017-9090 HIGH
Allen Disk 1.6 - CAPTCHA Bypass via Empty POST Parameter
CVSS 7.5
CVE-2017-6652 HIGH
Cisco TelePresence IX5000 Series - Unauthenticated Arbitrary File Read via Directory Traversal
CVSS 7.5
CVE-2017-9065 HIGH
WordPress < 4.7.5 - Unauthenticated Post Meta Data Access via XML-RPC API
CVSS 7.5
CVE-2017-9043 HIGH
GNU Binutils - Denial of Service via Crafted ELF File
CVSS 7.8
CVE-2017-8849 HIGH
smb4k < 2.0.1 - Privilege Escalation via Mount Helper DBUS Service
CVSS 7.8
CVE-2017-5215 CRITICAL
Codextrous B2J Contact <2.1.13 - RCE
CVSS 9.8
CVE-2017-3873 HIGH
Cisco Aironet 1800/2800/3800 Series AP 8.3.102.0 - RCE via PnP Server Response
CVSS 7.5
CVE-2017-3825 HIGH
Cisco TelePresence CE 8.1.1-8.3.1 - Unauthenticated Denial of Service via ICMP Packet
CVSS 7.5
CVE-2017-7478 HIGH
OpenVPN 2.3.12-2.3.14 - Unauthenticated Denial of Service via Large Control Packet
CVSS 7.5
CVE-2017-8934 MEDIUM
PCManFM 1.2.5 - Denial of Service via Insecure /tmp Socket File
CVSS 5.5
CVE-2017-8933 LOW
libmenu-cache 1.0.2 - Denial of Service via Insecure /tmp Socket File
CVSS 3.3
CVE-2017-7213 CRITICAL
Zoho ManageEngine Desktop Central <build 100082 - RCE
CVSS 10.0
CVE-2017-0620 HIGH
Android Kernel <3.18 - Privilege Escalation
CVSS 7.0
CVE-2017-0613 HIGH
Linux Kernel - Elevation of Privilege via Qualcomm Secure Execution Environment Communicator Driver
CVSS 7.0
CVE-2017-0280 MEDIUM
Microsoft Windows SMBv1 - Denial of Service via Crafted Requests
CVSS 5.9
CVE-2017-0273 MEDIUM
Microsoft Windows SMBv1 - Denial of Service via Crafted Requests
CVSS 5.9
CVE-2017-0269 MEDIUM
Microsoft Windows SMBv1 - Denial of Service via Crafted Requests
CVSS 5.9
CVE-2017-0256 MEDIUM
ASP.NET Core MVC - Spoofing via Improper Request Sanitization
CVSS 5.3
CVE-2017-0249 HIGH
ASP.NET Core MVC - Elevation of Privilege via Improper Web Request Sanitization
CVSS 7.3
CVE-2017-0247 HIGH
ASP.NET Core Mvc < 1.0.4 and 1.1.x < 1.1.3 - Denial of Service via Unicode Non-Character Encoding
CVSS 7.5
CVE-2017-0231 MEDIUM
Microsoft Edge and Internet Explorer - Spoofing via SmartScreen Filter Rendering
CVSS 4.3
CVE-2017-0212 HIGH
Windows Hyper-V - Elevation of Privilege via vSMB Packet Data Validation
CVSS 7.6
CVE-2017-0171 MEDIUM
Windows DNS Server - Denial of Service via Version Query Handling
CVSS 5.9
Details
Vulnerabilities 12,622
Exploit Likelihood High