CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,622 vulnerabilities with CWE-20
CVE-2016-7976 HIGH
Ghostscript 9.18 and 9.20 - Remote Code Execution via Crafted Userparams
CVSS 8.8
CVE-2016-9719 MEDIUM
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, 11.6 - Clickjacking
CVSS 5.7
CVE-2016-9717 MEDIUM
IBM InfoSphere Master Data Management 10.1-11.6 - HTTP Parameter Override via Duplicated Parameters
CVSS 6.5
CVE-2016-2161 HIGH
Apache HTTP Server 2.4.0-2.4.23 - Denial of Service via mod_auth_digest Input
CVSS 7.5
CVE-2016-10397 HIGH
PHP < 5.6.28 and 7.x < 7.0.13 - URL Parsing Bypass via Incorrect Hostname Validation
CVSS 7.5
CVE-2016-10338 HIGH
Android - Improper Input Validation in RPMB Processing
CVSS 7.8
CVE-2016-10337 MEDIUM
Android - Improper Input Validation in Secure Application Validation
CVSS 5.5
CVE-2016-8218 CRITICAL
Cloud Foundry Foundation <0.142.0 and cf-release 203-231 - Auth Bypass
CVSS 9.8
CVE-2016-7821 MEDIUM
Buffalo WNC01WH <= 1.0.0.8 - Denial of Service
CVSS 6.5
CVE-2016-9977 HIGH
IBM Maximo Asset Management 7.1, 7.5, 7.6 - Session Hijacking via Invalid Session Identifier
CVSS 8.8
CVE-2016-6087 CRITICAL
IBM Domino 8.5-9.0 - Credential Theft via TLS Key Exchange Validation
CVSS 9.8
CVE-2016-2165 MEDIUM
cf-release < 231 and Elastic Runtime < 1.5.19/1.6.20 - Cross-Site Scripting via Loggregator Traffic Controller
CVSS 6.5
CVE-2016-5178 CRITICAL
Google Chrome < 53.0.2785.143 - Denial of Service via Improper Input Validation
CVSS 9.8
CVE-2016-4838 HIGH
Money Forward Android Apps - Unintended Operation Execution via Specially Crafted Application
CVSS 7.8
CVE-2016-7476 HIGH
F5 BIG-IP TMM - Denial of Service via Crafted TCP Packet
CVSS 7.5
CVE-2016-10371 MEDIUM
LibTIFF 4.0.6 - Denial of Service via Crafted TIFF File
CVSS 5.5
CVE-2016-9253 HIGH
F5 BIG-IP 12.1.0-12.1.2 - Denial of Service via WebSocket Traffic
CVSS 7.5
CVE-2016-6877 MEDIUM
Citrix XenMobile Server < 10.5.0.24 - HTTP Host Header Redirection
CVSS 5.3
CVE-2016-9692 HIGH
IBM WebSphere Cast Iron Solution 7.0.0-7.5.0.0 - Server-Side Request Forgery via Improper Input Validation
CVSS 8.6
CVE-2016-10243 CRITICAL
Debian Linux - Improper Input Validation
CVSS 9.8
CVE-2016-3109 CRITICAL
Shopware < 5.1.5 - Remote Code Execution via Backend Login Load Script
CVSS 9.8
CVE-2016-2173 CRITICAL
Fedora < 1.5.5 - Improper Input Validation
CVSS 9.8
CVE-2016-4841 MEDIUM
Cybozu Mailwise < 5.4.0 - Email Header Injection
CVSS 4.3
CVE-2016-7536 MEDIUM
ImageMagick < 6.9.4-0 - Denial of Service via Crafted Profile
CVSS 6.5
CVE-2016-4862 HIGH
CS-Cart < 4.3.9 - Authenticated Remote Code Execution via Twigmo
CVSS 8.8
Details
Vulnerabilities 12,622
Exploit Likelihood High