CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,623 vulnerabilities with CWE-20
CVE-2016-9168 MEDIUM
Novell eDirectory < 9.0.2 - Clickjacking via Missing X-Frame-Options Header
CVSS 6.5
CVE-2016-5755 MEDIUM
NetIQ Access Manager <4.1.2-4.2.2 - CSRF
CVSS 6.5
CVE-2016-4927 HIGH
Junos Space < 15.2 - Man-in-the-Middle via SSH Key Validation Bypass
CVSS 8.1
CVE-2016-6816 HIGH
Apache Tomcat 6.0.0-6.0.47, 7.0.0-7.0.72, 8.0.0.RC1-8.0.38, 8.5.0-8.5.6, 9.0.0.M1-9.0.0.M11 - HTTP Response Injection
CVSS 7.1
CVE-2016-10167 MEDIUM
libgd < 2.2.4 - Denial of Service via Crafted GD2 Image File
CVSS 5.5
CVE-2016-8017 MEDIUM
Intel Security VSEL <2.0.3 - Code Injection
CVSS 4.1
CVE-2016-9727 HIGH
IBM QRadar Incident Forensics - Authenticated Remote Command Execution
CVSS 8.5
CVE-2016-9726 HIGH
IBM QRadar Incident Forensics 7.2 - Authenticated Remote Command Execution
CVSS 8.8
CVE-2016-9693 MEDIUM
IBM Business Process Manager 7.5, 8.0, 8.5 - Unauthenticated Malicious File Download via File Type Restriction Bypass
CVSS 6.1
CVE-2016-6247 MEDIUM
OpenBSD 5.8-5.9 - Denial of Service via Unmount with Open Vnode
CVSS 5.5
CVE-2016-6246 MEDIUM
OpenBSD 5.8 and 5.9 - Denial of Service via tmpfs Mount with VNOVAL in Root Node Metadata
CVSS 4.4
CVE-2016-6243 MEDIUM
OpenBSD 5.8-5.9 - Denial of Service via __thrsleep System Call
CVSS 5.5
CVE-2016-6239 MEDIUM
OpenBSD 5.8-5.9 - Denial of Service via mmap __MAP_NOFAULT Size Handling
CVSS 5.5
CVE-2016-6244 HIGH
OpenBSD 5.9 - Denial of Service via Negative ts.tv_sec Value
CVSS 7.5
CVE-2016-7407 CRITICAL
dropbear_ssh < 2016.73 - Remote Code Execution via Crafted OpenSSH Key File
CVSS 9.8
CVE-2016-7406 CRITICAL
Dropbear SSH < 2016.73 - Remote Code Execution via Format String Specifiers
CVSS 9.8
CVE-2016-10069 MEDIUM
ImageMagick < 6.9.4-5 - Denial of Service via Invalid Number of Frames in MAT File
CVSS 5.5
CVE-2016-10068 MEDIUM
ImageMagick < 6.9.6-4 - Denial of Service via MSL Interpreter XML Parsing
CVSS 5.5
CVE-2016-10228 MEDIUM
glibc < 2.25 - Denial of Service via Iconv Invalid Multi-Byte Input
CVSS 5.9
CVE-2016-9830 MEDIUM
GraphicsMagick 1.3.25 - Denial of Service via Large JPEG Image Dimensions
CVSS 5.5
CVE-2016-5240 MEDIUM
GraphicsMagick < 1.3.23 - Denial of Service via Circularly Defined SVG File
CVSS 5.5
CVE-2016-9009 LOW
IBM WebSphere MQ 8.0 - Authenticated Denial of Service via Cluster Object Creation
CVSS 3.1
CVE-2016-7742 HIGH
macOS < 10.12.2 - Remote Code Execution in xar Component via Crafted Archive
CVSS 7.8
CVE-2016-7667 HIGH
Apple Iphone OS < 10.1.1 - Improper Input Validation
CVSS 7.5
CVE-2016-7665 MEDIUM
iPhone OS < 10.2 - Denial of Service via Crafted Video in Graphics Driver
CVSS 5.5
Details
Vulnerabilities 12,623
Exploit Likelihood High