CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,628 vulnerabilities with CWE-20
CVE-2016-2411 MEDIUM
Android 6.x - Privilege Escalation via Qualcomm Power Management Kernel Driver
CVSS 6.5
CVE-2016-0834 HIGH
Android 6.x - Remote Code Execution or Denial of Service via Crafted Media File
CVSS 8.4
CVE-2016-3961 MEDIUM
Xen < 4.5.3 and Linux Kernel through 4.5.x - Denial of Service via hugetlbfs Access in x86 PV Guests
CVSS 5.5
CVE-2016-2145 HIGH
Fedora < 0.11.0 - Improper Input Validation
CVSS 7.5
CVE-2016-1271 HIGH
Juniper Junos OS <12.1X46-D45, 12.1X47-D30, 12.3R11, 12.3X48-D25, 1...
CVSS 7.8
CVE-2016-1268 HIGH
Juniper ScreenOS - Denial of Service via Crafted SSL Packet
CVSS 7.5
CVE-2016-0889 CRITICAL
EMC Unisphere for VMAX Virtual Appliance <8.2.0 - Path Traversal
CVSS 9.8
CVE-2016-3069 HIGH
Mercurial < 3.7.3 - Remote Code Execution via Git Repository Conversion
CVSS 8.8
CVE-2016-3068 HIGH
Debian Linux < 3.7.2 - Improper Input Validation
CVSS 8.8
CVE-2016-1376 MEDIUM
Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 - Denial of Service via Crafted Packet Bit Patterns
CVSS 5.3
CVE-2016-0147 HIGH
Microsoft XML Core Services 3.0 - Remote Code Execution
CVSS 8.8
CVE-2016-3655 CRITICAL
Palo Alto Networks PAN-OS <7.0.5 - RCE
CVSS 9.8
CVE-2016-3654 HIGH
Palo Alto Networks PAN-OS <7.0.5H2 - Command Injection
CVSS 7.2
CVE-2016-0785 HIGH
Apache Struts 2.0.0-2.3.20.3 - Remote Code Execution via Forced Double OGNL Evaluation
CVSS 8.8
CVE-2016-2170 CRITICAL
Apache OFBiz 12.04-12.04.05 and 13.07-13.07.02 - Remote Code Execution via Deserialization
CVSS 9.8
CVE-2016-3678 HIGH
Huawei S5300 S5700 S7700 S9300 S9700 Firmware - Denial of Service via Crafted Traffic
CVSS 7.5
CVE-2016-2381 HIGH
perl < 5.23.9 - Taint Protection Bypass via Duplicate Environment Variables
CVSS 7.5
CVE-2016-3980 HIGH
SAP Application Server Java 7.2-7.4 - Denial of Service via Crafted HTTP Request
CVSS 7.5
CVE-2016-3979 HIGH
SAP Java AS 7.2-7.4 - Denial of Service via IctParseCookies HTTP Request
CVSS 7.5
CVE-2016-2098 HIGH
Debian Linux < 3.2.22.1 - Improper Input Validation
CVSS 7.3
CVE-2016-0792 HIGH
Jenkins XStream Groovy classpath Deserialization Vulnerability
CVSS 8.8
CVE-2016-0789 MEDIUM
Jenkins <1.650-1.642.2 - CRLF Injection
CVSS 6.1
CVE-2016-2216 HIGH
Node.js HTTP Response Splitting via UTF-8 Encoded Unicode Characters
CVSS 7.5
CVE-2016-2086 HIGH
Node.js 0.10.x < 0.10.42, 0.12.x < 0.12.10, 4.x < 4.3.0, 5.x < 5.6.0 - HTTP Request Smuggling via Content-Length Header
CVSS 7.5
CVE-2016-1563 MEDIUM
NetApp Clustered Data ONTAP 8.3.1 - Info Disclosure
CVSS 6.8
Details
Vulnerabilities 12,628
Exploit Likelihood High