CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,628 vulnerabilities with CWE-20
CVE-2016-2844 HIGH
Google Chrome < 48.0.2564.116 - Denial of Service via Incorrect Anonymous Block Wrapper Handling
CVSS 8.8
CVE-2016-1359 HIGH
Cisco Prime Infrastructure 3.0 - RCE
CVSS 8.8
CVE-2016-1288 MEDIUM
Cisco AsyncOS <8.5.3-051 & 9.x <9.0.0-485 - DoS
CVSS 5.3
CVE-2016-2562 MEDIUM
phpMyAdmin 4.5.x < 4.5.5.1 - Man-in-the-Middle Attack via Unverified X.509 Certificates
CVSS 6.8
CVE-2016-2528 MEDIUM
Wireshark 2.0.x - Denial of Service via LBMC Dissector Length Validation
CVSS 5.9
CVE-2016-2527 MEDIUM
Wireshark 2.0.x < 2.0.2 - Denial of Service via 3GPP TS 32.423 Trace File Parser
CVSS 5.5
CVE-2016-2526 MEDIUM
Wireshark 2.0.x < 2.0.2 - Denial of Service via HiQnet Dissector Data Type Validation
CVSS 5.9
CVE-2016-2525 MEDIUM
Wireshark 2.0.x < 2.0.2 - Denial of Service via HTTP/2 Header Data
CVSS 5.9
CVE-2016-2524 MEDIUM
Wireshark 2.0.x < 2.0.2 - Denial of Service in X.509AF Dissector
CVSS 5.9
CVE-2016-2572 HIGH
Squid 4.x < 4.0.7 - Denial of Service via Malformed HTTP Response
CVSS 7.5
CVE-2016-2571 HIGH
Squid 3.x < 3.5.15 and 4.x < 4.0.7 - Denial of Service via Malformed HTTP Response
CVSS 7.5
CVE-2016-2570 HIGH
Squid 3.x < 3.5.15 and 4.x < 4.0.7 - Denial of Service via ESI XML Parser Buffer Overflow
CVSS 7.5
CVE-2016-2569 HIGH
Squid 3.x < 3.5.15 and 4.x < 4.0.7 - Denial of Service via HTTP Vary Header
CVSS 7.5
CVE-2016-2537 HIGH
is-my-json-valid < 2.12.4 - Denial of Service via Crafted String
CVSS 7.5
CVE-2016-1156 MEDIUM
LINE < 4.3.1 (OS X) and < 4.3.0.724 (Windows) - Authenticated Denial of Service via Timeline Post
CVSS 5.7
CVE-2016-2270 MEDIUM
Debian Linux < 4.6.1 - Improper Input Validation
CVSS 6.8
CVE-2016-1987 MEDIUM
HP-UX IPFilter A.11.31.18.21 - Denial of Service via UDP Packet Handling
CVSS 5.9
CVE-2016-1334 MEDIUM
Cisco Small Business 500 Wireless Access Point <1.0.4.4 - RCE
CVSS 5.3
CVE-2016-1153 MEDIUM
Cybozu Office 9.9.0-10.3.0 - Authenticated Denial of Service
CVSS 6.5
CVE-2016-0950 MEDIUM
Adobe Connect < 9.5.2 - User Interface Spoofing
CVSS 5.3
CVE-2016-0050 MEDIUM
Microsoft Windows Server 2008 and 2012 - Denial of Service via RADIUS Authentication Request Parsing
CVSS 5.3
CVE-2016-0046 HIGH
Windows Reader - Remote Code Execution via Crafted Reader File
CVSS 7.8
CVE-2016-0044 HIGH
Sync Framework in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 - DoS via Crafted Change Batch Data
CVSS 7.5
CVE-2016-0037 HIGH
Windows Server 2012 R2 - Denial of Service via Crafted Data in ADFS Forms-Based Authentication
CVSS 7.5
CVE-2016-2089 MEDIUM
JasPer 1.900.1 - Denial of Service via Crafted JPEG 2000 Image
CVSS 6.5
Details
Vulnerabilities 12,628
Exploit Likelihood High