CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,624 vulnerabilities with CWE-20
CVE-2016-6396 MEDIUM
Cisco FireSIGHT System Software < 6.1 - Malware Detection Bypass via HTTP Header Field Manipulation
CVSS 5.3
CVE-2016-4852 MEDIUM
YoruFukurou < 2.84 - Denial of Service via Emoji Skin-Tone Modifier
CVSS 6.5
CVE-2016-7129 CRITICAL
PHP < 5.6.25 and 7.x < 7.0.10 - Denial of Service via Invalid ISO 8601 Time in WDDX Deserialization
CVSS 9.8
CVE-2016-1277 MEDIUM
Juniper Junos OS DoS via Crafted ICMP Packet
CVSS 5.9
CVE-2016-1263 HIGH
Juniper Junos OS Multiple Versions - DoS via Crafted UDP Packet
CVSS 7.5
CVE-2016-1464 HIGH
Cisco WebEx Meetings Player T29.10 - RCE
CVSS 7.8
CVE-2016-5879 HIGH
IBM MQ Appliance M2000 and M2001 - OS Command Injection via MQCLI Disaster Recovery or High Availability Command
CVSS 8.8
CVE-2016-1472 HIGH
Cisco Small Business 220 <1.0.1.1 - DoS
CVSS 7.5
CVE-2016-5675 CRITICAL
NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 - Remote Code Execution via NTPServer Parameter
CVSS 9.8
CVE-2016-5674 CRITICAL
NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 & NUUO NVRmini2/NVRsolo 1.7.5-3.0.0 - RCE via __debugging_center_utils___.php
CVSS 9.8
CVE-2016-1484 HIGH
Cisco WebEx Meetings Server 2.6 - Auth Bypass
CVSS 7.5
CVE-2016-6361 MEDIUM
Cisco Aironet <8.2.121.0-8.3.102.0 - DoS
CVSS 6.5
CVE-2016-1479 HIGH
Cisco IP Phone 8800 <11.0(1) - Memory Corruption
CVSS 7.5
CVE-2016-1365 HIGH
Cisco APIC-EM <1.0 - Command Injection
CVSS 8.8
CVE-2016-3304 HIGH
Microsoft Windows and Office - Remote Code Execution via Crafted Embedded Font
CVSS 7.8
CVE-2016-3303 HIGH
Microsoft Windows and Office Products - Remote Code Execution via Crafted Embedded Font
CVSS 7.8
CVE-2016-3301 HIGH
Microsoft Windows and Office - Remote Code Execution via Crafted Embedded Font
CVSS 7.8
CVE-2016-0281 LOW
IBM AIX and VIOS - Denial of Service via Crafted Packets to mustendd Driver
CVSS 3.7
CVE-2016-1478 HIGH
Cisco IOS 15.5(3)S3 15.6(1)S2 15.6(2)S1 15.6(2)T1 - Denial of Service via NTP Packet Processing
CVSS 7.5
CVE-2016-1430 HIGH
Cisco RV180-Root - Command Injection
CVSS 8.8
CVE-2016-6515 HIGH
OpenSSH < 7.3 - Denial of Service via Long Password String
CVSS 7.5
CVE-2016-5340 HIGH
Android < 7.0 and Linux Kernel 3.0-3.19.8 - Improper Input Validation in ashmem File Handling
CVSS 7.8
CVE-2016-5141 HIGH
Google Chrome < 52.0.2743.82 - Address Bar Spoofing via Provisional URL Handling
CVSS 7.5
CVE-2016-5358 MEDIUM
Wireshark 2.x < 2.0.4 - Denial of Service via Crafted Ethernet Packet
CVSS 5.9
CVE-2016-5357 MEDIUM
Wireshark 1.12.x < 1.12.12 and 2.x < 2.0.4 - Denial of Service in NetScreen File Parser
CVSS 5.9
Details
Vulnerabilities 12,624
Exploit Likelihood High