CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,628 vulnerabilities with CWE-20
CVE-2015-8747 CRITICAL
Radicale < 1.1 - Unauthenticated Arbitrary File Read and Write via Multifilesystem Storage Backend
CVSS 10.0
CVE-2015-8265 HIGH
Huawei Mobile WiFi - Info Disclosure
CVSS 7.5
CVE-2015-8705 HIGH
ISC BIND 9.10.x < 9.10.3-P3 - Denial of Service via OPT Data or ECS Option
CVSS 7.0
CVE-2015-8704 MEDIUM
ISC BIND 9.x < 9.9.8-P3 and 9.10.x < 9.10.3-P3 - Authenticated Denial of Service via Malformed APL Record
CVSS 6.5
CVE-2015-4951 MEDIUM
IBM Spectrum Protect 5.5-6.x < 6.3.2.5, 6.4 < 6.4.3.1, 7.1 < 7.1.3 - Denial of Service via Crafted Web Client URL
CVSS 5.3
CVE-2015-6864 MEDIUM
HPE ArcSight Logger < 6.1P1 - Authenticated Remote Code Execution via Intellicus or Client-Certificate Upload
CVSS 6.3
CVE-2015-6863 HIGH
HPE ArcSight Logger < 6.1 - Remote Code Execution via Intellicus or Client-Certificate Upload
CVSS 7.3
CVE-2015-8688 MEDIUM
Gajim < 0.16.4 - Roster Modification and Message Interception via IQ Stanza
CVSS 5.4
CVE-2015-8605 MEDIUM
ISC DHCP <4.1-ESV-R12-P1, 4.2.x, 4.3.x <4.3.3-P1 - DoS
CVSS 6.5
CVE-2015-8607 HIGH
Perl <3.62 - Code Injection
CVSS 7.3
CVE-2015-8466 HIGH
Swift3 <1.9 - Info Disclosure
CVSS 7.4
CVE-2015-7759 LOW
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 - Denial of Service via Crafted ICMP Packets
CVSS 3.7
CVE-2015-8331 HIGH
Huawei VCN500 <V100R002C00SPC200 - Info Disclosure
CVSS 7.4
CVE-2015-8760 MEDIUM
TYPO3 CMS 6.2.0-6.2.15 - Cross-Site Flashing via Flvplayer Component
CVSS 6.1
CVE-2015-8226 MEDIUM
Huawei ALE and GEM-703L Firmware - Denial of Service via JPU Driver Input Validation
CVSS 5.5
CVE-2015-8225 MEDIUM
Huawei ALE and GEM-703L Firmware - Denial of Service via JPU Driver
CVSS 5.5
CVE-2015-7754 HIGH
Juniper ScreenOS <6.3.0r21 - DoS/Code Injection
CVSS 8.1
CVE-2015-7519 LOW
Phusion Passenger <4.0.60, 5.0.x <5.0.22 - Header Spoofing
CVSS 3.7
CVE-2015-5254 CRITICAL
Apache ActiveMQ <5.13.0 - RCE
CVSS 9.8
CVE-2015-8742 MEDIUM
Wireshark 2.0.x - Denial of Service via MS-WSP Dissector Column Size Validation
CVSS 5.5
CVE-2015-8741 MEDIUM
Wireshark 2.0.x - Denial of Service via PPI Dissector Packet Header
CVSS 5.5
CVE-2015-8740 MEDIUM
Wireshark 2.0.x < 2.0.1 - Denial of Service via TDS Dissector Column Count Overflow
CVSS 5.3
CVE-2015-8739 MEDIUM
Wireshark 2.0.x - Denial of Service via IPMI Dissector Packet Scope Access
CVSS 5.5
CVE-2015-8738 MEDIUM
Wireshark 2.0.x - Denial of Service via S7COMM Dissector SZL Response List Count
CVSS 5.5
CVE-2015-8737 MEDIUM
Wireshark 2.0.x - Denial of Service via MP2T File Parser Bit Rate Validation
CVSS 5.5
Details
Vulnerabilities 12,628
Exploit Likelihood High