CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2016-10771 HIGH
cPanel 11.54.0.0-11.54.0.33 - Arbitrary File Creation and Permission Change via ModSecurity Audit Log Processing
CVSS 8.1
CVE-2016-10770 MEDIUM
cPanel 11.54.0.0-11.54.0.33 - Arbitrary File Overwrite during Roundcube Update
CVSS 6.5
CVE-2016-10768 MEDIUM
cPanel 11.54.0.0-11.54.0.32 - Arbitrary File Overwrite during MySQL Upgrade Preparation
CVSS 6.5
CVE-2016-10816 HIGH
cPanel 11.50.0.4-11.50.6.2 - Authenticated Remote Code Execution via Webmail Forwarders
CVSS 8.8
CVE-2016-10814 HIGH
cPanel 11.50.0.4-11.50.6.2 - Demo Mode Escape via show_template.stor
CVSS 8.8
CVE-2016-10824 CRITICAL
cPanel 11.50.0.4-11.50.5.1 - Unauthenticated Remote Code Execution via DNS NS Entry Poisoning
CVSS 9.8
CVE-2016-10823 HIGH
cPanel 11.50.0.4-11.50.5.2 - Remote Code Execution via MakeText Interpolation
CVSS 8.8
CVE-2016-10842 MEDIUM
cPanel 11.48.0.5-11.48.5.2 - Unauthenticated Arbitrary File Read via setup_global_spam_filter.pl
CVSS 6.5
CVE-2016-10858 CRITICAL
cPanel 11.48.0.5-11.48.4.8 - Unauthenticated Remote Code Execution via DNS NS Entry Poisoning
CVSS 9.8
CVE-2016-10855 CRITICAL
cPanel 11.48.0.5-11.48.5.2 - Unauthenticated Remote Code Execution via cpsrvd
CVSS 9.8
CVE-2016-10850 HIGH
cPanel 11.48.0.5-11.48.5.2 - Remote Code Execution via synccpaddonswithsqlhost Script
CVSS 8.8
CVE-2016-10765 MEDIUM
edx-platform < 2016-06-10 - Account Activation with Spoofed Email Address
CVSS 5.3
CVE-2016-1586 LOW
Oxide < 1.18.3 - Unauthenticated Use-After-Free via Incognito BrowserContext Reuse
CVSS 1.8
CVE-2016-10739 MEDIUM
glibc < 2.28 - Improper Input Validation in getaddrinfo
CVSS 5.3
CVE-2016-9749 MEDIUM
IBM Campaign 9.1.0, 9.1.2, 10.0, 10.1 - Authenticated Security Bypass via Improper Input Validation
CVSS 4.0
CVE-2016-2125 MEDIUM
Samba < 4.3.13 - Improper Authentication via Forwardable Kerberos Ticket Request
CVSS 6.5
CVE-2016-7475 HIGH
BIG-IP 11.4.0-11.6.1 - Denial of Service via SPDY/HTTP2 Connection Handling
CVSS 7.5
CVE-2016-7074 MEDIUM
PowerDNS Authoritative < 3.4.11 and Recursor < 4.0.4 - AXFR TSIG Signature Bypass via Missing Last Record Check
CVSS 5.3
CVE-2016-7073 MEDIUM
PowerDNS Authoritative < 3.4.11 and Recursor < 3.7.4 - AXFR TSIG Replay Attack via Missing Time Validation
CVSS 5.3
CVE-2016-7069 MEDIUM
dnsdist < 1.2.0 - Denial of Service via EDNS0 OPT Record Parsing
CVSS 5.9
CVE-2016-7068 MEDIUM
PowerDNS Authoritative < 3.4.11 and Recursor < 3.7.4 - Unauthenticated Denial of Service via Crafted DNS Queries
CVSS 5.3
CVE-2016-7072 MEDIUM
PowerDNS Authoritative < 3.4.11 and 4.0.2 - Unauthenticated Denial of Service via TCP Connection Exhaustion
CVSS 5.3
CVE-2016-1000232 MEDIUM
tough-cookie < 2.3.0 - Denial of Service via HTTP Cookie Header Parsing
CVSS 5.3
CVE-2016-9579 MEDIUM
Ceph Storage - Unauthenticated Denial of Service via CORS Policy Bypass
CVSS 6.5
CVE-2016-8651 LOW
OpenShift 3 - Unauthenticated Image Information Disclosure via Manifest Request
CVSS 3.1
Details
Vulnerabilities 12,622
Exploit Likelihood High