CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,623 vulnerabilities with CWE-20
CVE-2016-7657 LOW
watchOS < 2.2.2 - Information Disclosure in IOKit
CVSS 3.3
CVE-2016-7636 MEDIUM
iPhone OS < 10.2, macOS < 10.12.2, watchOS < 3.1.3 - Denial of Service via OCSP Responder URL
CVSS 5.9
CVE-2016-7581 MEDIUM
iPhone OS < 10.1 - Denial of Service via Safari URL Handling
CVSS 4.3
CVE-2016-7580 MEDIUM
macOS < 10.11.6 - Denial of Service via Mail Crafted URL
CVSS 6.5
CVE-2016-4690 MEDIUM
iPhone OS < 10.2 - Remote Code Execution via Crafted USB HID Device
CVSS 6.8
CVE-2016-4669 HIGH
Safari Webkit JIT Exploit for iOS 7.1.2
CVSS 7.8
CVE-2016-4661 MEDIUM
macOS < 10.12.1 - Denial of Service in NTFS Disk Image Parser
CVSS 5.5
CVE-2016-9955 MEDIUM
SimpleSAMLphp < 1.14.11 - Signature Spoofing and Denial of Service via XML Validator
CVSS 6.3
CVE-2016-8652 MEDIUM
Dovecot < 2.2.27 - Denial of Service via Authentication Abort Without Username
CVSS 5.9
CVE-2016-8944 MEDIUM
IBM AIX 7.1-7.2 - Memory Corruption
CVSS 5.5
CVE-2016-8344 LOW
Honeywell Experion PKS through 431 - Denial of Service via Crafted Packet
CVSS 3.7
CVE-2016-5782 HIGH
Locus Energy LGate < 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, LGate 320 - Improper Input Validation
CVSS 8.6
CVE-2016-6129 HIGH
OP-TEE OS < 2.1.0 - RSA Signature Forgery via ASN.1 Length Mismatch
CVSS 7.5
CVE-2016-4547 HIGH
Samsung Mobile - Denial of Service via Crafted TvoutService_C System Call
CVSS 7.5
CVE-2016-4546 MEDIUM
Samsung Mobile Android KK(4.4) and L(5.0/5.1) - Denial of Service via IAndroidShm Service Call
CVSS 5.5
CVE-2016-9686 MEDIUM
Puppet Enterprise DoS via PCP Broker Message Header
CVSS 5.3
CVE-2016-0206 LOW
IBM Cloud Orchestrator - Denial of Service via Malformed URL
CVSS 3.3
CVE-2016-7164 HIGH
libtorrent 1.1.0 - Denial of Service via Crafted GZIP Response
CVSS 7.5
CVE-2016-6131 HIGH
GNU Libiberty - Denial of Service via Cycle in Mangled Type References
CVSS 7.5
CVE-2016-2781 MEDIUM
GNU coreutils - Local Privilege Escalation via TIOCSTI ioctl Call
CVSS 4.6
CVE-2016-5102 MEDIUM
libtiff < 4.0.6 - Denial of Service via Crafted GIF File in gif2tiff
CVSS 5.5
CVE-2016-6500 HIGH
ForgeRock OpenIDM/OpenICF <1.1.1.0 - RCE
CVSS 8.1
CVE-2016-6234 MEDIUM
lepton - Denial of Service via Crafted JPEG File
CVSS 5.5
CVE-2016-6084 MEDIUM
IBM BigFix Platform - Denial of Service via Crafted XMLSchema Request
CVSS 6.5
CVE-2016-10079 HIGH
SAPlpd < 7400.3.11.33 - Denial of Service via Long String to TCP Port 515
CVSS 7.5
Details
Vulnerabilities 12,623
Exploit Likelihood High