CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,634 vulnerabilities with CWE-20
CVE-2015-4652
Debian Linux - Improper Input Validation
CVE-2015-3183
Apache HTTP Server 2.2.0-2.2.30 - HTTP Request Smuggling via Chunked Transfer Coding
CVE-2015-4111
BlackBerry Link < 1.2.3.52 - Remote Code Execution via Crafted MP4 File
CVE-2015-1980
IBM InfoSphere Master Data Management Collaborative Edition 9.1-11.4 < FP03 Authenticated Clickjacking
CVE-2015-0157
IBM DB2 9.7-10.5 FP5 Authenticated DoS via SQL Scalar Function
CVE-2015-0725
Cisco Videoscape Distribution Suite DoS via Crafted HTTP Request
CVE-2015-5386
Siemens SICAM MIC <2404 - Auth Bypass
CVE-2015-4278
Cisco Email Security Appliance Firmware 8.5.6-106 and 9.5.0-201 - Denial of Service via Malformed DMARC DNS TXT Record
CVE-2015-4276
Cisco WebEx Meetings Server 2.5MR1 - Authenticated Remote Code Execution via Crafted Command Parameter
CVE-2015-4266
Cisco Identity Services Engine Software 1.1(4.1) 1.3(106.146) 1.3(120.135) - Cross-Frame Scripting via IFRAME Element
CVE-2015-3621
SAP Enterprise Central Component - Untrusted Search Path Privilege Escalation
CVE-2015-5091
Adobe Acrobat/Reader DoS via Invalid Data (10.x < 10.1.15, 11.x < 11.0.12, DC < 2015.006.30060/2015.008.20082)
CVE-2015-4273
Cisco ASR 5000 Series Software 15.0(912), 15.0(935), 15.0(938) - Denial of Service via Malformed IP Packet
CVE-2015-2417
Microsoft Windows OLE - Privilege Escalation via Crafted Input
CVE-2015-2416
Microsoft Windows OLE - Privilege Escalation via Crafted Input
CVE-2015-2412
Microsoft Internet Explorer 10 and 11 - Arbitrary Local File Read via Crafted Pathname
CVE-2015-5144
Canonical Ubuntu Linux < 1.4.20 - Improper Input Validation
CVE-2015-5457
PivotX < 2.3.11 - Remote Code Execution via File Extension Validation Bypass
CVE-2015-4648
Panasonic Security API ActiveX SDK < 8.10.14 - Stack-Based Buffer Overflow via MulticastAddr Method
CVE-2015-2727
Mozilla Firefox 38.0/ESR 38.0 - Arbitrary File Read & Privileged JS Execution
CVE-2015-0543
EMC Secure Remote Services Virtual Edition 3.x - Man-in-the-Middle Attack via Improper X.509 Certificate Validation
CVE-2015-2964
namshi/jose < 5.0.0 - Signature Verification Bypass via Crafted JWT Tokens
CVE-2015-0548
EMC Documentum D2 4.1, 4.2 < P16, 4.5 < P03 - Authenticated DQL Injection via D2DownloadService.getDownloadUrls
CVE-2015-0547
EMC Documentum D2 4.1, 4.2 < P16, 4.5 < P03 - Authenticated DQL Injection via D2CenterstageService.getComments
CVE-2015-3726
iPhone OS < 8.4 - Remote Code Execution via Crafted SIM or UIM Card
Details
Vulnerabilities 12,634
Exploit Likelihood High