CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,628 vulnerabilities with CWE-20
CVE-2015-9235 CRITICAL
jsonwebtoken < 4.2.2 - Authentication Bypass via Algorithm Confusion
CVSS 9.8
CVE-2015-9212 CRITICAL
Qualcomm MSM8909W, SD 210/212/205, SD 400, SD 410/12, SD 800 Firmware - Buffer Overread via TZ_PR_CMD_SAVE_KEY Command
CVSS 9.8
CVE-2015-9210 CRITICAL
Qualcomm Multiple Chipsets Firmware - Memory Overread in playready_licacq_process_response()
CVSS 9.8
CVE-2015-9208 CRITICAL
Qualcomm Mdm9206 Firmware - Improper Input Validation
CVSS 9.8
CVE-2015-9207 CRITICAL
Qualcomm Snapdragon Mobile and Wear Firmware - Buffer Overread via playready_getadditional_responsedata
CVSS 9.8
CVE-2015-9196 CRITICAL
Qualcomm FSM9055 MDM9635M SD 400 SD 800 Firmware - Privilege Escalation via tzbsp_ocmem Input Validation
CVSS 9.8
CVE-2015-9193 HIGH
Qualcomm Mdm9206 Firmware - Improper Input Validation
CVSS 7.5
CVE-2015-9182 CRITICAL
Qualcomm Multiple Chipsets Firmware - Buffer Over-Read in OEMCrypto_GenerateSignature()
CVSS 9.8
CVE-2015-9151 CRITICAL
Qualcomm MDM9625, MDM9635M, SD 400, and SD 800 Firmware - Improper Input Validation
CVSS 9.8
CVE-2015-9147 CRITICAL
Qualcomm MDM9625, MDM9635M, SD 400, and SD 800 Firmware - Memory Corruption via Unvalidated Pointer
CVSS 9.8
CVE-2015-9146 CRITICAL
Qualcomm Mdm9625 Firmware - Improper Input Validation
CVSS 9.8
CVE-2015-9139 CRITICAL
Qualcomm Snapdragon Mobile and Wear Firmware - Improper Input Validation during SSL Handshake
CVSS 9.8
CVE-2015-9131 HIGH
Qualcomm Snapdragon Mobile Firmware - Unauthorized Memory Access via qsee Input Validation
CVSS 7.5
CVE-2015-9116 CRITICAL
Qualcomm MDM9625/SD 425/430/450/625/650/652/810/820/820A - Untrusted Pointer Dereference in QTEE
CVSS 9.8
CVE-2015-9115 CRITICAL
Qualcomm Snapdragon Firmware - Improper Input Validation in qsee_prng_getdata Syscall
CVSS 9.8
CVE-2015-9110 CRITICAL
Qualcomm Snapdragon Firmware - Improper Input Validation in qsee_get_secure_state Syscall
CVSS 9.8
CVE-2015-9108 CRITICAL
Qualcomm MDM9625/SD 425/430/450/625/650/652/820/820A Firmware - Arbitrary Read/Write via QSEE Syscall
CVSS 9.8
CVE-2015-2081 CRITICAL
Datto ALTO and SIRIS Firmware - Unauthenticated Remote Code Execution via PHP Script Requests
CVSS 9.8
CVE-2015-5674 MEDIUM
FreeBSD routed daemon - Denial of Service via Network Query
CVSS 6.5
CVE-2015-2186 HIGH
edx/configuration - Account Spoofing via CORS_ORIGIN_ALLOW_ALL String Literal Misconfiguration
CVSS 7.5
CVE-2015-9246 CRITICAL
Skybox Platform < 7.5.201 - Unauthenticated Remote Code Execution via WAR Archive Upload
CVSS 9.8
CVE-2015-1835 MEDIUM
Apache Cordova Android < 3.7.2 and 4.x < 4.0.2 - Secondary Configuration Variable Modification via Intent URL
CVSS 5.3
CVE-2015-6839 MEDIUM
MSA vot.Ar 3.1 - Multiple Vote Casting via RFID Ballot Tag
CVSS 4.6
CVE-2015-2156 HIGH
Netty Cookie HttpOnly Flag Bypass via Improper Input Validation
CVSS 7.5
CVE-2015-3138 HIGH
tcpdump < 4.7.4 - Denial of Service in print-wb.c
CVSS 7.5
Details
Vulnerabilities 12,628
Exploit Likelihood High