CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,628 vulnerabilities with CWE-20
CVE-2016-2477 HIGH
Android < 4.4.4, 5.0.x < 5.0.2, 5.1.x < 5.1.1, 6.x < 2016-06-01 - Privilege Escalation via Pointer Mishandling
CVSS 7.8
CVE-2016-2475 HIGH
Android < 6.0.1 - Privilege Escalation via Broadcom Wi-Fi Driver
CVSS 7.8
CVE-2016-2464 HIGH
Android libvpx < 2016-06-01 - Remote Code Execution via Crafted MKV File
CVSS 7.8
CVE-2016-3706 HIGH
GNU C Library - Buffer Overflow
CVSS 7.5
CVE-2016-2786 CRITICAL
Puppet Agent < 1.3.6 and Puppet Enterprise < 2015.3.3 - Remote Code Execution via Spoofed Broker Certificate
CVSS 9.8
CVE-2016-1419 HIGH
Cisco Access Point <8.2(102.43) - DoS
CVSS 8.1
CVE-2016-4449 HIGH
Debian Linux < 2.9.3 - Improper Input Validation
CVSS 7.1
CVE-2016-4368 CRITICAL
HPE Universal CMDB 10.0-10.21 - Remote Code Execution via Deserialization
CVSS 9.8
CVE-2016-1418 HIGH
Cisco Aironet Access Point Software <8.2(100.0) - Privilege Escalation
CVSS 7.8
CVE-2016-4545 HIGH
F5 BIG-IP 11.5.4 - Denial of Service via SSL Alert During Handshake
CVSS 7.5
CVE-2016-3093 MEDIUM
Apache Struts 2.0.0-2.3.24.1 - Denial of Service via OGNL Method Reference Caching
CVSS 5.3
CVE-2016-3087 CRITICAL
Apache Struts 2.3.19-2.3.20.2, 2.3.21-2.3.24.1, 2.3.25-2.3.28 - Remote Code Execution
CVSS 9.8
CVE-2016-1403 HIGH
CISCO IP 8800 <11.0.1 - Privilege Escalation
CVSS 7.8
CVE-2016-1391 HIGH
Cisco Prime Network Analysis Module < 6.1(1) patch.6.1-2-final and 6.2.x < 6.2(2) - Authenticated RCE via HTTP Request
CVSS 8.8
CVE-2016-1390 HIGH
Cisco Prime NAM <6.1.1 - Privilege Escalation
CVSS 7.8
CVE-2016-3944 HIGH
Lenovo Accelerator Application - Remote Code Execution via Spoofed Update Response
CVSS 7.5
CVE-2016-0363 HIGH
IBM SDK Java Technology Edition <6.0.16.25-8.0.3.0 - Remote Code Execution
CVSS 8.1
CVE-2016-1370 MEDIUM
Cisco Prime Network Analysis Module < 6.2(1-b) - Denial of Service via IPv6 Payload Length Miscalculations
CVSS 5.3
CVE-2016-3094 MEDIUM
Apache Qpid Broker-J < 6.0.2 and qpid-broker < 6.0.3 - Denial of Service via Crafted Authentication Attempt
CVSS 5.9
CVE-2016-1409 HIGH
Cisco IOS XE 2.1-3.17S, IOS XR 2.0.0-5.3.2, and NX-OS - Denial of Service via Crafted IPv6 Neighbor Discovery Messages
CVSS 7.5
CVE-2016-1407 HIGH
Cisco IOS XR through 5.3.2 - Denial of Service via LPTS Flow-Based Entry Exhaustion
CVSS 7.5
CVE-2016-1400 HIGH
Cisco TelePresence Video Communications Server - DoS
CVSS 7.5
CVE-2016-1382 HIGH
Cisco AsyncOS <8.5.3-069 & 8.6-8.8 - DoS
CVSS 7.5
CVE-2016-1380 HIGH
Cisco Web Security Appliance AsyncOS 8.0 - Denial of Service via Crafted HTTP POST Request
CVSS 7.5
CVE-2016-4782 HIGH
Lenovo SHAREit - Unspecified Impact via Intent Scheme URL Attack
CVSS 8.8
Details
Vulnerabilities 12,628
Exploit Likelihood High