CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,624 vulnerabilities with CWE-20
CVE-2016-3936 HIGH
Android <2016-10-05 - Privilege Escalation
CVSS 7.8
CVE-2016-3920 MEDIUM
Android <5.0.2, <5.1.1, <=2016-10-01 - DoS
CVSS 5.5
CVE-2016-6433 HIGH
Cisco Firepower Mgmt Cntr <6.0.1 - RCE
CVSS 8.8
CVE-2016-6422 HIGH
Cisco IOS 12.2(33)SXJ9 - Auth Bypass
CVSS 7.5
CVE-2016-1454 MEDIUM
Cisco NX-OS 4.0-7.3 and 11.0-11.2 - Denial of Service via Crafted BGP UPDATE Message
CVSS 6.5
CVE-2016-6426 HIGH
Cisco Unified Contact Center Express & Unified Intelligence Center - Unauthenticated Account Creation
CVSS 7.5
CVE-2016-6380 HIGH
Cisco IOS <12.4 & <15.6 - Info Disclosure/DoS
CVSS 8.1
CVE-2016-6379 HIGH
Cisco IOS 12.2 and IOS XE 3.14-3.16 and 16.1 - Denial of Service via Crafted IPDR Packets
CVSS 7.5
CVE-2016-6384 HIGH
Cisco IOS 12.2-12.4 and 15.0-15.6 and IOS XE 3.1-3.17 and 16.2 - Denial of Service via H.323 Message
CVSS 7.5
CVE-2016-7907 MEDIUM
QEMU < 2.8.1.1 - Denial of Service via Crafted Buffer Descriptor in imx_fec_do_tx
CVSS 4.4
CVE-2016-6646 CRITICAL
EMC Unisphere for VMAX Virtual Appliance <8.3.0 - RCE
CVSS 9.8
CVE-2016-6645 HIGH
EMC Unisphere for VMAX Virtual Appliance <8.3.0 - Authenticated RCE
CVSS 8.8
CVE-2016-0913 CRITICAL
EMC Replication Manager <5.5.3.0_01-PatchHotfix - Command Injection
CVSS 9.8
CVE-2016-8278 HIGH
Huawei USG9520-9580 - DoS
CVSS 7.5
CVE-2016-8277 MEDIUM
Huawei USG9520-9580 - DoS
CVSS 6.5
CVE-2016-1244 HIGH
unADF - Remote Code Execution via Shell Metacharacters in Directory Name
CVSS 8.8
CVE-2016-1240 HIGH
Apache Tomcat on Ubuntu Log Init Privilege Escalation
CVSS 7.8
CVE-2016-2776 HIGH
Oracle Linux < 9.9.9 - Improper Input Validation
CVSS 7.5
CVE-2016-6305 HIGH
OpenSSL 1.1.0 - Denial of Service via Zero-Length Record in SSL_peek
CVSS 7.5
CVE-2016-6901 MEDIUM
Huawei AR and NetEngine 16EX Firmware - Authenticated Denial of Service via Format String Specifiers
CVSS 6.5
CVE-2016-6153 MEDIUM
SQLite < 3.13.0 - Denial of Service via Temporary Directory Search Algorithm
CVSS 5.9
CVE-2016-4972 CRITICAL
OpenStack Murano < 1.0.3 and 2.x < 2.0.1 - Remote Code Execution via YAML Loader Inheritance
CVSS 9.8
CVE-2016-7162 HIGH
Canonical Ubuntu Linux - Improper Input Validation
CVSS 7.5
CVE-2016-3110 HIGH
Redhat Jboss Enterprise Application P... - Improper Input Validation
CVSS 7.5
CVE-2016-5947 MEDIUM
IBM Spectrum Control <5.2.11 - CSRF
CVSS 5.7
Details
Vulnerabilities 12,624
Exploit Likelihood High