CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2016-8625 MEDIUM
curl < 7.51.0 - Unauthenticated Host Spoofing via Outdated IDNA 2003 Standard
CVSS 5.3
CVE-2016-8624 MEDIUM
curl < 7.51.0 - URL Authority Parsing Flaw via Hostname Ending with '#'
CVSS 5.3
CVE-2016-8631 MEDIUM
OpenShift Enterprise 3 - Route Overwrite via Improper Route Sorting
CVSS 6.3
CVE-2016-8611 MEDIUM
OpenStack Glance - Denial of Service via Unbounded Image Upload
CVSS 4.3
CVE-2016-8626 MEDIUM
Red Hat Ceph < 0.94.9-8 - Authenticated Denial of Service via POST Object Request
CVSS 6.5
CVE-2016-9578 HIGH
spice < 0.13.90 - Denial of Service via Crafted Protocol Messages
CVSS 7.5
CVE-2016-9577 HIGH
spice < 0.13.90 - Authenticated Heap Overflow via Crafted Protocol Messages
CVSS 7.5
CVE-2016-8647 MEDIUM
Ansible < 2.2.1.0 - Improper Input Validation in mysql_user Module
CVSS 4.9
CVE-2016-10728 MEDIUM
Suricata < 3.1.2 - Rule Grouping Bypass via ICMPv4 Error Packet
CVSS 5.3
CVE-2016-9494 MEDIUM
Hughes HN7740S DW7000 HN7000S/SM Firmware - Denial of Service via Malformed GET Request
CVSS 6.5
CVE-2016-6567 CRITICAL
SHDesigns Resident Download Manager - RCE
CVSS 9.8
CVE-2016-6565 HIGH
Imagely NextGen Gallery <2.1.57 - Info Disclosure
CVSS 7.5
CVE-2016-6542 LOW
iTrackEasy - Improper Input Validation in Device Tracking ID
CVSS 3.7
CVE-2016-9901 CRITICAL
Redhat Enterprise Linux Aus < 45.6.0 - Improper Input Validation
CVSS 9.8
CVE-2016-9076 MEDIUM
Firefox < 50.0 - Location Bar Spoofing via Select Dropdown Overlay
CVSS 5.9
CVE-2016-9065 HIGH
Firefox < 50.0 for Android - Location Bar Spoofing via Fullscreen Mode
CVSS 7.5
CVE-2016-5298 MEDIUM
Firefox < 50.0 - Favicon and SSL Indicator Spoofing via Page Load Disruption
CVSS 6.5
CVE-2016-5294 MEDIUM
Firefox < 45.5.0 and Thunderbird < 45.5.0 - Arbitrary File Write via Updater Working Directory
CVSS 5.5
CVE-2016-5293 MEDIUM
Firefox < 50 - Arbitrary Local File Write via Updater Log File Hardlink
CVSS 5.5
CVE-2016-5292 MEDIUM
Firefox < 50.0 - Denial of Service via Malicious URL Parsing
CVSS 6.5
CVE-2016-5291 MEDIUM
Firefox < 50 and Firefox ESR < 45.5 - Same-Origin Policy Bypass via Local Shortcut Files
CVSS 5.5
CVE-2016-9042 MEDIUM
ntp 4.2.8p9 - Unauthenticated Denial of Service via Origin Timestamp Check Bypass
CVSS 5.9
CVE-2016-10555 MEDIUM
jwt-simple < 0.3.0 - Unauthenticated Algorithm Substitution via jwt.decode()
CVSS 6.5
CVE-2016-10544 MEDIUM
uws 0.10.0-0.10.8 - Denial of Service via WebSocket Message Decompression
CVSS 5.9
CVE-2016-10543 MEDIUM
call 2.0.1-3.0.1 - Improper Input Validation via Empty Parameter Bypass
CVSS 5.3
Details
Vulnerabilities 12,622
Exploit Likelihood High