CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,624 vulnerabilities with CWE-20
CVE-2016-9919 HIGH
Linux Kernel < 4.9 - Denial of Service via IPv6 Fragment Handling
CVSS 7.5
CVE-2016-8740 HIGH
Apache HTTP Server 2.4.17-2.4.23 - DoS
CVSS 7.5
CVE-2016-9157 CRITICAL
Siemens SICAM PAS < 8.09 - Denial of Service and Unauthenticated Remote Code Execution via Crafted Packets to Port 19234
CVSS 9.8
CVE-2016-9156 HIGH
Siemens SICAM PAS < 8.09 - Unauthenticated Arbitrary File Manipulation via Port 19235
CVSS 7.3
CVE-2016-3044 MEDIUM
IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 - Denial of Service via Guest OS Vectors
CVSS 6.5
CVE-2016-9564 HIGH
Boa 0.92r - Denial of Service via Long URI in send_redirect()
CVSS 7.5
CVE-2016-5987 MEDIUM
IBM Maximo Asset Management <7.1.1.13, <7.5.0.10-IF4, <7.6.0.5-IF3 ...
CVSS 5.3
CVE-2016-2937 MEDIUM
IBM BigFix Remote Control < 9.1.2 - Information Disclosure and Email Spoofing via Crafted POST Request
CVSS 6.5
CVE-2016-2935 MEDIUM
IBM BigFix Remote Control < 9.1.2 - Denial of Service via Invalid HTTP Request
CVSS 5.3
CVE-2016-9191 MEDIUM
Linux Kernel <= 4.8.11 - Denial of Service via Cgroup Offline Drain Operations
CVSS 5.5
CVE-2016-8650 MEDIUM
Linux Kernel < 4.8.11 - Denial of Service via RSA Key with Zero Exponent
CVSS 5.5
CVE-2016-9452 MEDIUM
Drupal < 8.2.3 - Denial of Service via Transliterate Mechanism
CVSS 6.5
CVE-2016-2996 MEDIUM
IBM Security Privileged Identity Manager 2.0 - Authenticated Arbitrary File Write
CVSS 6.5
CVE-2016-1248 HIGH
vim < 8.0.0056 - Remote Code Execution via Modeline Options
CVSS 7.8
CVE-2016-6463 MEDIUM
Cisco AsyncOS 9.7.1-066 through 10.0.0-082 - Unauthenticated Advanced Malware Protection Filter Bypass
CVSS 5.3
CVE-2016-6462 MEDIUM
Cisco AsyncOS 9.7.1-066 through 10.0.0-125 - Unauthenticated AMP Filter Bypass via Email Attachment
CVSS 5.3
CVE-2016-6461 MEDIUM
Cisco Adaptive Security Appliance Software - XML Command Injection via HTTP Web Interface
CVSS 5.9
CVE-2016-6458 HIGH
Cisco AsyncOS < 10.0.0-125 and 9.7.1-066 - Unauthenticated Content Filter Bypass
CVSS 7.5
CVE-2016-6450 LOW
Cisco IOS XE - Privilege Escalation
CVSS 2.5
CVE-2016-4332 HIGH
HDF5 1.8.16 - Heap-Based Buffer Overflow via Unsupported Message Flag
CVSS 8.6
CVE-2016-9375 MEDIUM
Wireshark 2.0.0-2.0.7 and 2.2.0-2.2.1 - Denial of Service via DTN Dissector Infinite Loop
CVSS 5.9
CVE-2016-9372 MEDIUM
Wireshark 2.2.0-2.2.1 - Denial of Service via Profinet I/O Dissector
CVSS 5.9
CVE-2016-0909 HIGH
EMC Avamar <7.3 - Privilege Escalation
CVSS 8.4
CVE-2016-7209 MEDIUM
Microsoft Edge - Web Content Spoofing via Crafted Web Site
CVSS 5.3
CVE-2016-8809 HIGH
NVIDIA Windows GPU Display Driver <342.00-375.63 - DoS/Privilege Es...
CVSS 7.8
Details
Vulnerabilities 12,624
Exploit Likelihood High