CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,631 vulnerabilities with CWE-20
CVE-2015-7686
Email-Address < 1.908 - Denial of Service via Crafted Email Address List with Nested Comments
CVE-2015-4992
IBM Sterling B2B Integrator 5.2 - Authenticated Clickjacking
CVE-2015-6602
Android < 5.1.1 - Remote Code Execution via Crafted MP3/MP4 Metadata
CVE-2015-3876
Android < 5.1.1 - Remote Code Execution via Crafted MP3/MP4 Metadata
CVE-2015-3837
Android < 5.1 - Remote Code Execution via Crafted Intent
CVE-2015-7337
IPython Notebook < 3.2.2 and Jupyter Notebook 4.0.0-4.0.4 - Remote Code Execution via Crafted File MIME Type
CVE-2015-5074
X2Engine X2CRM < 5.0.8 - Authenticated Arbitrary File Upload via .pht Extension
CVE-2015-6279
Cisco IOS 12.2, 15.0-15.5 & IOS XE 3.2SE-3.14.2S DoS via Malformed IPv6 ND Packet with CGA Option
CVE-2015-6278
Cisco IOS 12.2, 15.0-15.5 & IOS XE 3.2SE-3.14.2S DoS via IPv6 ND Packet Flood
CVE-2015-6282
Cisco IOS XE < 3.10.6S/3.13.3S/3.15.1S DoS via NAT/MPLS Packet Handling
CVE-2015-7375
InduSoft Web Studio < 7.1.3.6 - Remote Code Execution via Crafted Project File
CVE-2015-7374
InduSoft Web Studio < 7.1.3.6 - Remote Code Execution via Remote Agent
CVE-2015-5568
Adobe Flash Player <18.0.0.241-11.2.202.521, Adobe AIR <19.0.0.190 ...
CVE-2015-2917
Securifi Almond and Almond-2015 Firmware - Clickjacking via Missing X-Frame-Options Header
CVE-2015-6300
Cisco Secure Access Control Server 5.7(0.15) - Authenticated Denial of Service via Crafted CLI or GUI Commands
CVE-2015-4638
F5 BIG-IP 11.3.0-11.5.2, 11.6.0-11.6.0 HF4 DoS via Fragmented Packet
CVE-2015-5879
iPhone OS < 8.4.1 and macOS < 10.10.5 - Denial of Service via TCP Header Validation Bypass
CVE-2015-5869
macOS < 10.10.5 and iOS < 8.4.1 - Neighbor Discovery Hop-Limit Manipulation via Router Advertisement
CVE-2015-5837
Apple iOS < 9 - Unauthenticated Arbitrary Extension Installation via Crafted Enterprise App
CVE-2015-5820
Safari < 8.0.8 - Unauthenticated URL Scheme Handling Flaw via tel://, facetime://, or facetime-audio://
CVE-2015-5767
Safari < 8.0.8 and iPhone OS < 8.4.1 - URL Spoofing
CVE-2015-5765
Safari < 9 - URL Spoofing
CVE-2015-5764
Safari < 8.0.8 and iPhone OS < 8.4.1 - URL Spoofing
CVE-2015-7234
Open Semantic Framework 7.x-3.x - Arbitrary File Deletion via OSF Ontology and Import Modules
CVE-2015-7231
Commerce Commonwealth 7.x-1.x < 7.x-1.5 - Unauthenticated Payment Validation Bypass via Crafted URL
Details
Vulnerabilities 12,631
Exploit Likelihood High