CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2016-0276 MEDIUM
IBM Financial Transaction Manager 3.0.0.0-3.0.0.11 - Remote Code Execution via JMS ObjectMessage Deserialization
CVSS 6.3
CVE-2016-8535 LOW
HPE Matrix Operating Environment <7.6 - Info Disclosure
CVSS 3.5
CVE-2016-8530 HIGH
HPE Intelligent Management Center < 7.3 - Remote Denial of Service
CVSS 7.5
CVE-2016-8521 MEDIUM
HPE Diagnostics 9.24 IP1, 9.26, 9.26IP1 - Remote Clickjacking
CVSS 6.5
CVE-2016-10712 HIGH
PHP < 5.5.32, 5.6.x < 5.6.18, 7.x < 7.0.3 - Input Validation Bypass via Stream Metadata Manipulation
CVSS 7.5
CVE-2016-0300 MEDIUM
IBM TRIRIGA Application Platform <3.3.2.6, <3.4.2.3, <3.5.0.1 - Inf...
CVSS 5.4
CVE-2016-2983 HIGH
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 - Information Disclosure, Denial of Service, and Security Bypass
CVSS 8.1
CVE-2016-10710 HIGH
Biscom Secure File Transfer 5.0.1000-5.0.1048 - Authenticated Arbitrary File Read and Write via dataFieldId Parameter
CVSS 8.1
CVE-2016-0215 MEDIUM
IBM DB2 9.7, 10.1 < FP6, 10.5 < FP8 - Authenticated Denial of Service via SELECT with AVG OLAP Function
CVSS 6.5
CVE-2016-0207 MEDIUM
IBM Algorithmics One-Algo Risk App <5.1.0 - CSRF
CVSS 5.4
CVE-2016-10703 HIGH
ecstatic < 2.0.0 - Denial of Service via Malicious String Input
CVSS 7.5
CVE-2016-3090 HIGH
Apache Struts 2.x < 2.3.20 - Remote Code Execution via OGNL Expression Injection
CVSS 8.8
CVE-2016-4461 HIGH
Apache Struts 2.0.0-2.3.28 - Remote Code Execution via Forced Double OGNL Evaluation
CVSS 8.8
CVE-2016-9263 MEDIUM
WordPress < 4.8.2 - Cross-Domain Flash Injection via flashmediaelement.swf
CVSS 4.7
CVE-2016-8738 MEDIUM
Apache Struts 2.5-2.5.5 - Denial of Service via URLValidator
CVSS 5.9
CVE-2016-5759 HIGH
mkdumprd - Local Privilege Escalation
CVSS 7.8
CVE-2016-4462 HIGH
Apache OFBiz - Authenticated Remote Code Execution via ExternalLoginKey Freemarker Injection
CVSS 8.8
CVE-2016-2977 MEDIUM
IBM Sametime 8.5.2, 9.0 - Unauthenticated Meeting Hand Lowering via Input Validation Bypass
CVSS 4.3
CVE-2016-10503 MEDIUM
IBM Sametime 8.5.2-9.0.1 - Authenticated Meeting Vote Spoofing via Hand Lowering
CVSS 4.3
CVE-2016-5872 CRITICAL
Qualcomm Products with Android CAF Linux Kernel - Improper Input Validation in QTEE Syscalls
CVSS 9.8
CVE-2016-10391 CRITICAL
Qualcomm Android - Improper Input Validation in HCI Command Length Check
CVSS 9.8
CVE-2016-10387 CRITICAL
Google Android - Improper Input Validation
CVSS 9.8
CVE-2016-10384 CRITICAL
Google Android - Improper Input Validation
CVSS 9.8
CVE-2016-10347 CRITICAL
Qualcomm Android Hypervisor - Improper Input Validation
CVSS 9.8
CVE-2016-4456 HIGH
gnutls 3.4.12 - Arbitrary File Write via GNUTLS_KEYLOGFILE Environment Variable
CVSS 7.5
Details
Vulnerabilities 12,622
Exploit Likelihood High