CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,624 vulnerabilities with CWE-20
CVE-2016-5025 MEDIUM
NVIDIA GPU Driver < 341.96 - Denial of Service via NVAPI Parameter Sanitization
CVSS 6.6
CVE-2016-4961 MEDIUM
NVIDIA GeForce Experience - Denial of Service via NVStreamKMS.sys API Parameter
CVSS 5.5
CVE-2016-4960 HIGH
NVIDIA GeForce Experience - Privilege Escalation via NVStreamKMS.sys API
CVSS 7.3
CVE-2016-8870 HIGH
Joomla! < 3.6.3 - Unauthenticated User Account Creation via UsersModelRegistration
CVSS 8.1
CVE-2016-8869 CRITICAL
Joomla! <3.6.4 - Privilege Escalation
CVSS 9.8
CVE-2016-7965 MEDIUM
DokuWiki < 2016-06-26a - Unauthenticated Phishing via HTTP Host Header Manipulation
CVSS 6.5
CVE-2016-8579 MEDIUM
docker2aci <= 0.12.3 - Denial of Service via Cyclic Dependency Chain
CVSS 4.0
CVE-2016-6372 HIGH
Cisco Email Security Appliance - Unauthenticated Filter Bypass via Malformed MIME Headers
CVSS 7.5
CVE-2016-6360 HIGH
Cisco Email Security Appliance and Web Security Appliance - Partial Denial of Service via AMP Process Restart
CVSS 7.5
CVE-2016-6358 HIGH
Cisco Email Security Appliance <= 9.7.1-000 - Unauthenticated Partial Denial of Service via Local FTP
CVSS 7.5
CVE-2016-6356 HIGH
Cisco Email Security Appliance - Denial of Service via Email Message Filtering
CVSS 7.5
CVE-2016-1481 HIGH
Cisco Email Security Appliance < 9.1.1-038, < 9.7.1-066 - Unauthenticated Denial of Service via Message Filter Rules
CVSS 7.5
CVE-2016-6445 CRITICAL
Cisco Meeting Server <2.0.6 & Acano Server <1.8.18/1.9.x - Auth Bypass
CVSS 9.1
CVE-2016-6440 MEDIUM
Cisco Unified Communications Manager - Clickjacking
CVSS 6.5
CVE-2016-6431 HIGH
Cisco Adaptive Security Appliance Software - Denial of Service via Local CA Enrollment Request
CVSS 7.5
CVE-2016-2848 HIGH
ISC BIND 9.1.0-9.8.4-P2 and 9.9.0-9.9.2-P2 - Denial of Service via Malformed OPT Resource Record
CVSS 7.5
CVE-2016-7182 CRITICAL
Microsoft Windows Vista - Remote Code Execution via Crafted True Type Font
CVSS 9.8
CVE-2016-7796 MEDIUM
systemd - Denial of Service via Zero-Length Notify Socket Message
CVSS 5.5
CVE-2016-7795 MEDIUM
Canonical Ubuntu Linux < 231 - Improper Input Validation
CVSS 5.5
CVE-2016-8563 HIGH
Siemens Automation License Manager < 5.3 SP3 Update 1 - Denial of Service via Crafted TCP Packets to Port 4410
CVSS 7.5
CVE-2016-6696 CRITICAL
Android < 7.0 - Denial of Service via Large Negative Data Length in QDSP6v2 Driver
CVSS 9.8
CVE-2016-6694 CRITICAL
Android < 7.0 - Denial of Service via Qualcomm QDSP6v2 Driver Parameter Data
CVSS 9.8
CVE-2016-6693 CRITICAL
Android < 7.0 - Denial of Service via Invalid Data Length in QDSP6v2 Driver
CVSS 9.8
CVE-2016-6674 HIGH
Android < 7.0 - Privilege Escalation via Crafted Application
CVSS 7.8
CVE-2016-3937 HIGH
Android <2016-10-05 - Privilege Escalation
CVSS 7.8
Details
Vulnerabilities 12,624
Exploit Likelihood High