CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2017-2461 HIGH
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Denial of Service in CoreText
CVSS 7.5
CVE-2017-2453 MEDIUM
Safari < 10.1 - User Interface Spoofing via Crafted Web Site
CVSS 6.5
CVE-2017-2442 MEDIUM
Safari < 10.1 - Same Origin Policy Bypass via WebKit JavaScript Bindings
CVSS 6.5
CVE-2017-2434 CRITICAL
iPhone OS < 10.3 - Improper Input Validation in HomeKit
CVSS 9.8
CVE-2017-2414 MEDIUM
iPhone OS < 10.3 - Unauthenticated Exchange Traffic Exposure via Email Address Typo
CVSS 5.3
CVE-2017-2410 HIGH
macOS < 10.12.4 - Remote Code Execution in Kernel
CVSS 7.8
CVE-2017-2378 HIGH
Apple <10.3 - Remote Code Execution
CVSS 8.8
CVE-2017-7394 HIGH
TigerVNC 1.7.1 - Unauthenticated Denial of Service via Long Username
CVSS 7.5
CVE-2017-7346 MEDIUM
Linux Kernel < 4.10.7 - Denial of Service via vmw_gb_surface_define_ioctl
CVSS 5.5
CVE-2017-5185 HIGH
NetIQ Sentinel Server 8.0 - Remote Denial of Service
CVSS 7.5
CVE-2017-5226 CRITICAL
bubblewrap < 0.1.5 - Sandbox Escape via TIOCSTI ioctl
CVSS 10.0
CVE-2017-7301 HIGH
GNU Binutils <2.28 - Buffer Overflow
CVSS 7.5
CVE-2017-7183 HIGH
ExtraPuTTY < 0.29 - Denial of Service via Large TFTP Message
CVSS 7.5
CVE-2017-6464 MEDIUM
NTP < 4.2.8p10 and 4.3.x < 4.3.94 - Denial of Service via Malformed Mode Configuration Directive
CVSS 6.5
CVE-2017-6463 MEDIUM
NTP < 4.2.8p10 and 4.3.x < 4.3.94 - Authenticated Denial of Service via Invalid :config Directive
CVSS 6.5
CVE-2017-5932 HIGH
Bash 4.4 - Privilege Escalation via Path Autocompletion
CVSS 7.8
CVE-2017-7262 MEDIUM
AMD Ryzen < 2017-01-27 - Denial of Service via FMA3 Instruction Sequence
CVSS 5.5
CVE-2017-7261 MEDIUM
Linux Kernel < 4.10.5 - Denial of Service via vmw_surface_define_ioctl Zero-Size Pointer Dereference
CVSS 5.5
CVE-2017-7235 HIGH
cloudflare-scrape 1.6.6-1.7.1 - Remote Code Execution via Malicious Website
CVSS 8.8
CVE-2017-3858 HIGH
Cisco IOS XE 16.2.1 - Authenticated Remote Code Execution via HTTP Parameter Injection
CVSS 8.8
CVE-2017-3852 HIGH
Cisco IOx 1.0.0.0-1.1.0.0 - Authenticated Arbitrary File Write via Malicious Application Package
CVSS 8.1
CVE-2017-3850 MEDIUM
Cisco IOS 15.4-15.6 and IOS XE 3.7-3.18, 16 - Unauthenticated Denial of Service via Crafted IPv6 Packet
CVSS 5.9
CVE-2017-3849 HIGH
Cisco IOS - Unauthenticated Denial of Service via Crafted Autonomic Network Channel Discovery Packet
CVSS 7.4
CVE-2017-6837 MEDIUM
audiofile 0.3.6 - Denial of Service via Large Number of Coefficients in WAVE.cpp
CVSS 5.5
CVE-2017-3881 CRITICAL KEV
Cisco - Remote Code Execution
CVSS 9.8
Details
Vulnerabilities 12,622
Exploit Likelihood High