CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,628 vulnerabilities with CWE-20
CVE-2016-1291 CRITICAL
Cisco Prime Infrastructure <2.2 - Code Injection
CVSS 9.8
CVE-2016-1345 HIGH
Cisco FireSIGHT System Software <6.0.1 - Auth Bypass
CVSS 7.5
CVE-2016-1351 HIGH
Cisco IOS 15.1-15.2 and NX-OS 4.1-6.2 - Denial of Service via Crafted LISP Packet Header
CVSS 7.5
CVE-2016-1763 LOW
iPhone OS < 9.3 - Authenticated Information Disclosure via SMS URL Auto-Fill
CVSS 3.5
CVE-2016-1752 MEDIUM
Apple iOS < 9.3, macOS < 10.11.4, tvOS < 9.2, watchOS < 2.2 - Denial of Service via Crafted App
CVSS 5.5
CVE-2016-1747 HIGH
macOS < 10.11.4 - Remote Code Execution via IOGraphics Memory Corruption
CVSS 7.8
CVE-2016-1746 HIGH
macOS < 10.11.4 - Remote Code Execution via IOGraphics Memory Corruption
CVSS 7.8
CVE-2016-1733 HIGH
Apple OS X < 10.11.4 - Memory Corruption in AppleRAID
CVSS 7.8
CVE-2016-1998 CRITICAL
HPE Service Manager <9.35 P4-9.41.P2 - Command Injection
CVSS 9.8
CVE-2016-1997 CRITICAL
HPE Operations Orchestration <10.51-1.7.0 - Command Injection
CVSS 9.8
CVE-2016-0815 CRITICAL
Android <4.4.4, <5.1.1 LMY49H, <2016-03-01 - RCE/DoS
CVSS 9.8
CVE-2016-1338 MEDIUM
Cisco TelePresence VCS X8.5.1-8.5.2 - DoS
CVSS 6.5
CVE-2016-2088 MEDIUM
ISC BIND 9.10.x < 9.10.3-P4 - Denial of Service via Malformed DNS Cookie Packet
CVSS 6.8
CVE-2016-2774 MEDIUM
ISC DHCP 4.1.x < 4.1-ESV-R13 and 4.2.x-4.3.x < 4.3.4 - Denial of Service via Concurrent TCP Session Flood
CVSS 5.9
CVE-2016-1008 HIGH
Adobe Acrobat and Reader < 11.0.15 - Untrusted Search Path DLL Hijacking
CVSS 8.4
CVE-2016-0132 CRITICAL
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1 - XML Signature Spoofing via Modified Document
CVSS 9.8
CVE-2016-0121 HIGH
Microsoft Windows - Remote Code Execution via Crafted OpenType Font
CVSS 8.8
CVE-2016-0120 MEDIUM
Microsoft Windows - Denial of Service via Crafted OpenType Font
CVSS 6.5
CVE-2016-0118 HIGH
Windows 10 - Remote Code Execution via Crafted PDF Document
CVSS 7.8
CVE-2016-0117 HIGH
Microsoft Windows PDF Library - Remote Code Execution via Crafted PDF Document
CVSS 7.8
CVE-2016-0101 HIGH
Microsoft Windows - Remote Code Execution via Crafted Media Content
CVSS 8.8
CVE-2016-0100 HIGH
Windows Vista SP2 and Server 2008 SP2 - Local Privilege Escalation via Library Loading
CVSS 8.4
CVE-2016-0098 HIGH
Microsoft Windows - Remote Code Execution via Crafted Media Content
CVSS 8.8
CVE-2016-0092 HIGH
Microsoft Windows - Remote Code Execution via OLE File Handling
CVSS 7.8
CVE-2016-0091 HIGH
Microsoft Windows OLE - Remote Code Execution via Crafted File
CVSS 7.8
Details
Vulnerabilities 12,628
Exploit Likelihood High