CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,623 vulnerabilities with CWE-20
CVE-2016-9278 MEDIUM
Samsung Exynos fimg2d Driver - Denial of Service via Crafted ioctl Command
CVSS 5.5
CVE-2016-7998 HIGH
SPIP < 3.1.2 - Authenticated Remote Code Execution via Crafted INCLUDE/INCLURE Tag
CVSS 8.8
CVE-2016-7434 HIGH
NTP 4.3.0-4.3.94 - Denial of Service via Crafted MRU List Query
CVSS 7.5
CVE-2016-7431 MEDIUM
NTP - Origin Timestamp Protection Mechanism Bypass via Zero Timestamp
CVSS 5.3
CVE-2016-7791 CRITICAL
Exponent CMS 2.3.9 - Remote Code Execution via Install Sample Extraction
CVSS 9.8
CVE-2016-7790 CRITICAL
Exponent CMS 2.3.9 - Remote Code Execution via File Upload and Config Overwrite
CVSS 9.8
CVE-2016-8442 HIGH
Android Kernel 3.18 - Memory Corruption
CVSS 7.8
CVE-2016-8437 CRITICAL
Android Kernel <3.18 - Info Disclosure
CVSS 9.8
CVE-2016-9444 HIGH
ISC BIND 9.x < 9.9.9-P5, 9.10.x < 9.10.4-P5, 9.11.x < 9.11.0-P2 - Denial of Service via Crafted DS Resource Record
CVSS 7.5
CVE-2016-9147 HIGH
ISC BIND 9.9.9-P4 9.9.9-S6 9.10.4-P4 9.11.0-P1 - Denial of Service via DNSSEC RRset Inconsistency
CVSS 7.5
CVE-2016-9131 HIGH
ISC BIND <9.9.9-P5, 9.10.x <9.10.4-P5, 9.11.x <9.11.0-P2 - DoS
CVSS 7.5
CVE-2016-9247 MEDIUM
F5 BIG-IP - Denial of Service via Malformed Packet Sequence in FastL4 and TCP Analytics
CVSS 5.9
CVE-2016-8106 MEDIUM
Intel Ethernet Controller <5.05 - DoS
CVSS 5.9
CVE-2016-4329 MEDIUM
Kaspersky Anti-Virus - Local Denial of Service via Window Broadcast Message Handling
CVSS 5.5
CVE-2016-1547 MEDIUM
NTP < 4.2.8p4 / NTPSec < a5fb34b - DoS via Spoofed Crypto NAK
CVSS 5.3
CVE-2016-5024 MEDIUM
F5 BIG-IP 11.6.1-12.1.x - Denial of Service via RADIUS Message Parsing
CVSS 5.9
CVE-2016-10100 MEDIUM
Borg < 1.0.8 - Archive Overwrite via Manifest Recovery
CVSS 5.3
CVE-2016-9224 MEDIUM
Cisco Jabber Guest Server 10.6(9) - Unauthenticated Server-Side Request Forgery
CVSS 6.5
CVE-2016-8595 MEDIUM
FFmpeg < 3.1.5 - Denial of Service via Crafted AVI File
CVSS 5.5
CVE-2016-7785 MEDIUM
FFmpeg < 3.1.3 - Denial of Service via Crafted AVI File
CVSS 5.5
CVE-2016-9179 HIGH
lynx - Server-Side Request Forgery via URL Authority Parsing
CVSS 7.5
CVE-2016-7267 MEDIUM
Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 - Remote Code Execution via Crafted Document
CVSS 5.5
CVE-2016-7266 HIGH
Microsoft Excel 2007-2016 & Compatibility Pack - Remote Code Execution via Embedded Content
CVSS 7.8
CVE-2016-5193 MEDIUM
Google Chrome < 54.0 for iOS - URL Validation Bypass via DOM Window Navigation
CVSS 4.3
CVE-2016-5188 MEDIUM
Google Chrome < 54.0.2840.59 - UI Spoofing via Crafted HTML Pages
CVSS 4.3
Details
Vulnerabilities 12,623
Exploit Likelihood High