CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,628 vulnerabilities with CWE-20
CVE-2016-4087 HIGH
Huawei S12700 <V200R008C00SPC500 & S5700 <V200R005SPH010 - RCE/DoS
CVSS 8.1
CVE-2016-4049 HIGH
Quagga - Denial of Service via Large BGP Packet in bgp_dump_routes_func
CVSS 7.5
CVE-2016-3959 HIGH
Go <1.5.4, 1.6.x <1.6.1 - DoS
CVSS 7.5
CVE-2016-4538 CRITICAL
PHP < 5.5.35, 5.6.x < 5.6.21, 7.x < 7.0.6 - Denial of Service via bcpowmod Function
CVSS 9.8
CVE-2016-4537 CRITICAL
PHP < 5.5.35, 5.6.x < 5.6.21, 7.x < 7.0.6 - Denial of Service via bcpowmod Negative Scale Argument
CVSS 9.8
CVE-2016-4348 HIGH
librsvg < 2.40.1 - Denial of Service via Circular Definitions in SVG Document
CVSS 7.5
CVE-2016-3739 MEDIUM
curl < 7.49.0 - Server Spoofing via Arbitrary Valid Certificate
CVSS 5.3
CVE-2016-4072 CRITICAL
PHP < 5.5.34, 5.6.x < 5.6.20, 7.x < 7.0.5 - Remote Code Execution via Phar Filename Handling
CVSS 9.8
CVE-2016-4071 CRITICAL
PHP < 5.5.34, 5.6.x < 5.6.20, 7.x < 7.0.5 - Remote Code Execution via SNMP::get Format String Specifiers
CVSS 9.8
CVE-2016-1843 HIGH
Apple OS X <10.11.5 - Info Disclosure
CVSS 7.5
CVE-2016-1800 HIGH
macOS < 10.11.5 - Remote Code Execution via Captive Network Assistant URL Scheme
CVSS 8.8
CVE-2016-4425 MEDIUM
jansson < 2.7 - Denial of Service via Deep Recursion in JSON Parser
CVSS 6.5
CVE-2016-3705 HIGH
libxml2 <2.9.3 - DoS
CVSS 7.5
CVE-2016-3185 HIGH
PHP < 5.4.44, 5.5.x < 5.5.28, 5.6.x < 5.6.12, 7.x < 7.0.4 - Denial of Service via Crafted Serialized _cookies Data
CVSS 7.1
CVE-2016-0381 MEDIUM
IBM Cognos TM1 < 10.2.2 FP5 - Authenticated Denial of Service via AdminGroups Setting
CVSS 4.3
CVE-2016-1665 MEDIUM
Google V8 <50.0.2661.94 - Info Disclosure
CVSS 6.5
CVE-2016-1661 HIGH
Google Chrome <50.0.2661.94 - Memory Corruption
CVSS 8.0
CVE-2016-1660 HIGH
Google Chrome <50.0.2661.94 - DoS
CVSS 8.8
CVE-2016-1209 CRITICAL
Ninja Forms <2.9.42.1 - Code Injection
CVSS 9.8
CVE-2016-2850 HIGH
Fedora - Improper Input Validation
CVSS 7.5
CVE-2016-2194 HIGH
Debian Linux < 1.10.10 - Improper Input Validation
CVSS 7.5
CVE-2016-4498 MEDIUM
Panasonic FPWIN Pro 5.x-7.x - Denial of Service via Uninitialized Pointer
CVSS 5.5
CVE-2016-4497 MEDIUM
Panasonic FPWIN Pro 5.x-7.x - Denial of Service via Type Confusion
CVSS 4.2
CVE-2016-1115 MEDIUM
Adobe ColdFusion Certificate Spoofing via Wildcard Name Field Mishandling
CVSS 5.9
CVE-2016-4555 HIGH
Squid 3.x < 3.5.18 and 4.x < 4.0.10 - Denial of Service via Crafted ESI Responses
CVSS 7.5
Details
Vulnerabilities 12,628
Exploit Likelihood High