CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,634 vulnerabilities with CWE-20
CVE-2015-1131
Apple OS X <10.10.3 - Privilege Escalation
CVE-2015-1126
Apple iOS < 8.3 and Safari < 6.2.5 - Remote Resource Access via FTP URL Userinfo Field
CVE-2015-1105
Apple iOS <8.3, Apple OS X <10.10.3, Apple TV <7.2 - DoS
CVE-2015-1104
Apple iOS <8.3, OS X <10.10.3, TV <7.2 - SSRF
CVE-2015-1103
Apple iOS <8.3, OS X <10.10.3, TV <7.2 - DoS
CVE-2015-1102
macOS < 10.10.2, iOS < 8.2, tvOS < 7.1 - Denial of Service via TCP Header Handling
CVE-2015-1088
Apple iOS <8.3 & Apple OS X <10.10.3 - RCE
CVE-2015-1086
Apple iOS <8.3 & Apple TV <7.2 - RCE
CVE-2015-2822
Siemens SIMATIC HMI Comfort Panels and WinCC Runtime Advanced < 13 SP1 Upd2 - Denial of Service via Crafted TCP Packets
CVE-2015-0799
Canonical Ubuntu Linux < 37.0 - Improper Input Validation
CVE-2015-1843
Red Hat docker < 1.5.0-27 - Man-in-the-Middle Downgrade Attack via HTTPS to HTTP Fallback
CVE-2015-0685
Cisco IOS XE < 3.7.5S - Denial of Service via Crafted IP Packets
CVE-2015-2819
SAP Sybase SQL Anywhere 11 and 16 - Denial of Service via Crafted Request
CVE-2015-2752
Fedora - Improper Input Validation
CVE-2015-0810
Mozilla Firefox < 36.0.4 - Clickjacking via Flash and Layered DIV Elements
CVE-2015-2776
Debian Linux < 1.0.0h - Improper Input Validation
CVE-2015-2754
FreeXL < 1.0.0i - Denial of Service and Possible Remote Code Execution via Crafted Workbook
CVE-2015-2753
Debian Linux < 1.0.0h - Improper Input Validation
CVE-2015-2684
Shibboleth Service Provider < 2.5.4 - Authenticated Denial of Service via Crafted SAML Message
CVE-2015-2790
Foxit Reader, Enterprise Reader, and PhantomPDF < 7.1 - Denial of Service via GIF Image LZWMinimumCodeSize
CVE-2015-1609
MongoDB <2.4.13, <2.6 - DoS
CVE-2015-0679
Cisco Wireless LAN Controller Software 7.3(103.8) and 7.4(110.0) - Denial of Service via Malformed Password
CVE-2015-0658
Cisco NX-OS - Remote Code Execution via DHCP POAP Response Packet
CVE-2015-2765
Websense TRITON AP-EMAIL < 7.8.3 - Clickjacking
CVE-2015-0650
Cisco IOS XE 3.9.xS-3.13.xS - Denial of Service via Malformed mDNS UDP Packets
Details
Vulnerabilities 12,634
Exploit Likelihood High