CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,624 vulnerabilities with CWE-20
CVE-2016-3000 MEDIUM
IBM Connections 4.x-4.5 CR5, 5.0 < CR4, 5.5 < CR1 - Authenticated Denial of Service via Help Service URL
CVSS 4.3
CVE-2016-5174 MEDIUM
Google Chrome < 53.0.2785.101 - Denial of Service via Fullscreen Toggle Request
CVSS 6.5
CVE-2016-4753 HIGH
Apple iOS < 10, macOS < 10.12, tvOS < 10, watchOS < 3 - Remote Code Execution via Crafted App
CVSS 7.8
CVE-2016-4728 HIGH
Safari < 10.0 - Remote Code Execution via WebKit Error Prototype Mishandling
CVSS 8.8
CVE-2016-4722 MEDIUM
Apple iOS <9.3.5 and macOS <10.11.6 - Denial of Service via Call Relay Spoofing
CVSS 5.9
CVE-2016-4711 HIGH
Apple iOS <9.3.5 and macOS <10.11.6 - Cleartext Information Exposure via CCrypt Buffer Overlap
CVSS 7.5
CVE-2016-4706 MEDIUM
macOS < 10.11.6 - Denial of Service via cd9660
CVSS 5.5
CVE-2016-4701 MEDIUM
macOS < 10.11.6 - Denial of Service via SO_EXECPATH Environment Variable
CVSS 6.2
CVE-2016-4698 HIGH
Apple iOS < 10 and macOS < 10.12 - Privilege Escalation via Task Port Inheritance Policy
CVSS 7.8
CVE-2016-6412 MEDIUM
Cisco IOS 15.6(1)T1 and IOS XE - Arbitrary Download via Crafted HTTP Headers
CVSS 6.5
CVE-2016-6411 HIGH
Cisco Firepower <6.0.1 - Open Redirect
CVSS 7.5
CVE-2016-6410 MEDIUM
Cisco IOS - Authenticated Arbitrary File Read via CAF Component
CVSS 6.5
CVE-2016-6374 CRITICAL
Cisco Cloud Services Platform 2100 2.0 - Remote Code Execution via DNS Lookup Command
CVSS 9.8
CVE-2016-5284 HIGH
Firefox < 49.0 and Firefox ESR 45.x < 45.4 - Man-in-the-Middle Spoofing via Preloaded Public Key Pinning Bypass
CVSS 7.4
CVE-2016-5272 HIGH
Firefox < 48.0.2 - Remote Code Execution via nsImageGeometryMixin Input Handling
CVSS 8.8
CVE-2016-6824 MEDIUM
Huawei AC6003/AC6005/AC6605/ACU2 < V200R006C10SPC200 DoS via CAPWAP
CVSS 6.5
CVE-2016-5418 HIGH
libarchive <3.2.0 - Code Injection
CVSS 7.5
CVE-2016-4809 HIGH
Redhat Enterprise Linux Desktop < 3.2.0 - Improper Input Validation
CVSS 7.5
CVE-2016-1483 HIGH
Cisco WebEx Meetings Server 2.6 - DoS
CVSS 7.5
CVE-2016-6405 MEDIUM
Cisco Fog Director 1.0(0) - Auth Bypass
CVSS 6.5
CVE-2016-7417 CRITICAL
PHP < 5.6.26 and 7.x < 7.0.11 - Denial of Service via SplArray Unserialization
CVSS 9.8
CVE-2016-6302 HIGH
OpenSSL - Denial of Service via Short TLS Ticket
CVSS 7.5
CVE-2016-3378 HIGH
Microsoft Exchange Server 2013 SP1, 2013 CU12, 2013 CU13, 2016 CU1, 2016 CU2 - Open Redirect via Crafted URL
CVSS 7.4
CVE-2016-3292 MEDIUM
Microsoft Internet Explorer 10 and 11 - Sandbox Protection Bypass via Integrity and Zone Settings Mishandling
CVSS 5.0
CVE-2016-6399 HIGH
Cisco ACE Application Control Engine Module A1 and A3 - Denial of Service via Crafted SSL/TLS Packets
CVSS 7.5
Details
Vulnerabilities 12,624
Exploit Likelihood High