CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-5948 MEDIUM
OxygenOS - Unauthenticated Downgrade Attack via OTA Update Script
CVSS 5.9
CVE-2017-6867 MEDIUM
Siemens SIMATIC WinCC <7.3 Upd 11 & <7.4 SP1 - DoS
CVSS 4.9
CVE-2017-6865 MEDIUM
Siemens SIMATIC PCS 7 - Denial of Service via PROFINET DCP Broadcast Packets
CVSS 6.5
CVE-2017-0355 MEDIUM
NVIDIA GPU Display Driver - Denial of Service via DxgkDdiEscape Handler
CVSS 5.5
CVE-2017-0354 MEDIUM
NVIDIA GPU Display Driver - Denial of Service via DxgkDdiEscape Kernel Mode Handler
CVSS 4.7
CVE-2017-0353 MEDIUM
NVIDIA GPU Display Driver - Denial of Service via Kernel Mode Layer Handler
CVSS 5.5
CVE-2017-0350 HIGH
NVIDIA GPU Display Driver - Denial of Service or Privilege Escalation via Kernel Mode Layer Handler
CVSS 7.8
CVE-2017-0346 HIGH
NVIDIA Windows GPU Display Driver - Denial of Service or Privilege Escalation via DxgkDdiEscape Buffer Size Validation
CVSS 7.8
CVE-2017-3733 HIGH
OpenSSL 1.1.0-1.1.0d - Denial of Service via Encrypt-Then-Mac Renegotiation
CVSS 7.5
CVE-2017-6620 MEDIUM
Cisco CVR100W Wireless-N VPN Router - Unauthenticated Remote Management ACL Bypass via Ingress Connection Request
CVSS 5.8
CVE-2017-7428 MEDIUM
NetIQ iManager <3.0.3.1 - Info Disclosure
CVSS 5.3
CVE-2017-6551 CRITICAL
Pexip Infinity < 14.1 - Remote Code Execution and Denial of Service via Conferencing Nodes
CVSS 9.8
CVE-2017-8396 HIGH
GNU Binutils 2.28 - Denial of Service via Invalid Read in BFD Library
CVSS 7.5
CVE-2017-7721 HIGH
IrfanView <4.45 - Memory Corruption
CVSS 7.8
CVE-2017-7957 HIGH
Redhat Fuse < 1.4.9 - Improper Input Validation
CVSS 7.5
CVE-2017-2154 HIGH
Hanako <various - Privilege Escalation
CVSS 7.8
CVE-2017-2153 HIGH
SEIL/x86 Fuji, SEIL/BPV4, SEIL/X1, SEIL/X2, SEIL/B1 <=5.62 - DoS via Crafted IPv4 UDP Packets
CVSS 7.5
CVE-2017-2100 MEDIUM
AppGoat < 3.0.1 - DNS Rebinding Attack
CVSS 6.3
CVE-2017-8288 HIGH
gnome-shell 3.22-3.24.1 - Improper Input Validation in Extension Reload Handling
CVSS 8.1
CVE-2017-3162 HIGH
Apache Hadoop < 2.7.0 - Server-Side Request Forgery via Unvalidated NameNode Parameter
CVSS 7.3
CVE-2017-8219 MEDIUM
TP-Link C2 and C20i Firmware < 0.9.1_4.2_v0032.0_build_160706 - Denial of Service via Crafted Cookie Header
CVSS 6.5
CVE-2017-5041 MEDIUM
Google Chrome <57.0.2987.100 - Info Disclosure
CVSS 4.3
CVE-2017-2340 MEDIUM
Juniper Networks Junos OS <15.1R4-16.1R3 - DoS
CVSS 5.3
CVE-2017-2313 HIGH
Junos OS 15.1-16.2 - Denial of Service via Crafted BGP UPDATE
CVSS 7.5
CVE-2017-7220 HIGH
OpenText Documentum Content Server - Privilege Escalation
CVSS 8.8
Details
Vulnerabilities 12,622
Exploit Likelihood High