CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,628 vulnerabilities with CWE-20
CVE-2015-1425 CRITICAL
JAKWEB Gecko CMS - Multiple Input Validation Vulnerabilities
CVSS 9.8
CVE-2015-2689 HIGH
Tor < 0.2.4.26 and 0.2.5.x < 0.2.5.11 - Denial of Service via DNS Load Handling
CVSS 7.5
CVE-2015-1525 MEDIUM
Android < 5.1 - Denial of Service via NULL Device Address in AudioPolicyManagerBase
CVSS 5.5
CVE-2015-2784 CRITICAL
papercrop < 0.3.0 - Improper Input Validation
CVSS 9.8
CVE-2015-6497 HIGH
Magento < 1.9.2.1 and < 1.14.2.1 - Authenticated Remote Code Execution via Product API
CVSS 8.8
CVE-2015-5230 HIGH
PowerDNS Authoritative 3.4.0-3.4.5 - Denial of Service via Crafted DNS Query Packets
CVSS 7.5
CVE-2015-3150 HIGH
abrt-dbus - Local Privilege Escalation
CVSS 7.1
CVE-2015-1855 MEDIUM
Ruby < 2.0.0p645, 2.1.x < 2.1.6, 2.2.x < 2.2.2 - Hostname Validation Bypass in OpenSSL Extension
CVSS 5.9
CVE-2015-1607 MEDIUM
GnuPG <1.4.19, 2.0.x <2.0.27, 2.1.x <2.1.2 - DoS
CVSS 5.5
CVE-2015-8980 CRITICAL
php-gettext < 1.0.12 - Remote Code Execution via Plural Form Formula
CVSS 9.8
CVE-2015-9415 HIGH
bj_lazy_load < 1.0 - Remote File Inclusion
CVSS 7.5
CVE-2015-9351 CRITICAL
feed-them-social < 1.7.0 - Unauthenticated Shortcode Execution via Facebook Feeds Load More Button
CVSS 9.8
CVE-2015-9348 HIGH
sell-downloads < 1.0.8 - Brute-Force Purchase ID Guessing
CVSS 7.5
CVE-2015-9345 HIGH
link_log < 2.0 - HTTP Response Splitting
CVSS 7.5
CVE-2015-7559 LOW
Apache ActiveMQ < 5.14.5 - Denial of Service via Remote Shutdown Command
CVSS 2.7
CVE-2015-1326 MEDIUM
python-dbusmock <0.15.1 - Code Injection
CVSS 5.7
CVE-2015-5606 HIGH
Vordel XML Gateway 7.2.2 - Denial of Service via Crafted Request
CVSS 7.5
CVE-2015-6461 MEDIUM
Schneider Electric Modicon BMXNOC0401 and BMXNOE/BMXNOR/BMXP3420 Firmware - Remote File Inclusion via Crafted URL
CVSS 5.4
CVE-2015-5159 HIGH
kdcproxy < 0.3.2 - Denial of Service via Large POST Request
CVSS 7.5
CVE-2015-9268 HIGH
Nullsoft Scriptable Install System < 2.49 - Unsafe Implicit Linking via Version.dll
CVSS 7.8
CVE-2015-9264 CRITICAL
Lansweeper 4.x-6.x < 6.0.0.48 - Remote Code Execution via Crafted Windows Service
CVSS 9.8
CVE-2015-4664 CRITICAL
CA Privileged Access Manager < 2.4.4.4 - Remote Command Execution
CVSS 9.8
CVE-2015-9239 HIGH
ansi2html - Regular Expression Denial of Service via User Input
CVSS 7.5
CVE-2015-9242 HIGH
ecstatic < 1.4.0 - Denial of Service via If-Modified-Since Header
CVSS 7.5
CVE-2015-9241 HIGH
hapi < 11.1.3 - Denial of Service via If-Modified-Since or Last-Modified Header
CVSS 7.5
Details
Vulnerabilities 12,628
Exploit Likelihood High