CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,623 vulnerabilities with CWE-20
CVE-2016-4038 HIGH
Samsung devices <Android 5 - Local Impact
CVSS 7.8
CVE-2016-9420 CRITICAL
MyBB and MyBB Merge System < 1.8.8 - Remote Code Execution via Loose Comparison False Positives
CVSS 9.8
CVE-2016-9249 HIGH
BIG-IP Local Traffic Manager - Denial of Service via TCP Fast Open Traffic Pattern
CVSS 7.5
CVE-2016-6267 HIGH
Trend Micro Smart Protection Server <3.0.1330 - Command Injection
CVSS 8.8
CVE-2016-6266 HIGH
Trend Micro Smart Protection Server <3.0.1330 - Command Injection
CVSS 8.8
CVE-2016-9939 HIGH
Crypto++ 5.6.4 - Denial of Service via ASN.1 BER Decoding Memory Allocation
CVSS 7.5
CVE-2016-2517 MEDIUM
NTP < 4.2.8p7 and 4.3.x < 4.3.92 - Denial of Service via Trusted Key Manipulation
CVSS 5.3
CVE-2016-2516 MEDIUM
NTP < 4.2.8p7 and 4.3.x < 4.3.92 - Denial of Service via Mode7 Unconfig Directive
CVSS 5.3
CVE-2016-10176 CRITICAL
NETGEAR WNR2000v5 Firmware < 1.0.0.34 - Unauthenticated Remote Code Execution via apply_noauth.cgi
CVSS 9.8
CVE-2016-9795 HIGH
Broadcom CA Workload Automation AE - Improper Input Validation
CVSS 7.8
CVE-2016-9317 MEDIUM
libgd < 2.2.4 - Denial of Service via Oversized Image
CVSS 5.5
CVE-2016-10024 MEDIUM
Xen < 4.8.0 - Denial of Service via Asynchronous Instruction Stream Modification
CVSS 6.0
CVE-2016-9385 MEDIUM
Xen 4.4.x-4.7.x - Denial of Service via x86 Segment Base Write Emulation
CVSS 6.0
CVE-2016-9383 HIGH
Xen - Memory Corruption via Bit Test Instruction Emulation
CVSS 8.8
CVE-2016-9380 HIGH
Xen - Arbitrary File Read and Delete via pygrub Boot Loader NUL Byte Handling
CVSS 7.5
CVE-2016-9379 HIGH
Xen - Arbitrary File Read and Delete via pygrub Boot Loader S-expression Handling
CVSS 7.9
CVE-2016-6603 CRITICAL
ZOHO WebNMS Framework 5.2-5.2 SP1 - Auth Bypass
CVSS 9.8
CVE-2016-5119 HIGH
KeePass < 2.33 - Remote Code Execution via Spoofed Update Check
CVSS 7.5
CVE-2016-4793 HIGH
CakePHP < 3.2.4 - IP Spoofing via CLIENT-IP HTTP Header
CVSS 7.5
CVE-2016-9436 MEDIUM
Opensuse Leap < 0.5.3\+git20160718 - Improper Input Validation
CVSS 6.5
CVE-2016-9435 MEDIUM
Opensuse Leap < 0.5.3\+git20160718 - Improper Input Validation
CVSS 6.5
CVE-2016-7543 HIGH
Bash < 4.3 - Local Privilege Escalation via SHELLOPTS and PS4 Environment Variables
CVSS 8.4
CVE-2016-5222 MEDIUM
Google Chrome < 55.0.2883.75 - URL Spoofing via Omnibox Manipulation
CVSS 6.5
CVE-2016-5218 MEDIUM
Google Chrome < 55.0.2883.75 - URL Spoofing via PDF Navigation
CVSS 6.5
CVE-2016-5197 HIGH
Google Chrome < 54.0.2840.85 for Android - Arbitrary Activity Launch via Intent URL
CVSS 8.8
Details
Vulnerabilities 12,623
Exploit Likelihood High