CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,635 vulnerabilities with CWE-20
CVE-2015-1371
ferretCMS 1.0.4-alpha - Authenticated Remote Code Execution via Unrestricted File Upload
CVE-2015-0578
Cisco Adaptive Security Appliance Software - Denial of Service via Crafted DHCP Packets
CVE-2015-0301
Adobe Flash Player < 13.0.0.260 and 14.x-16.x < 16.0.0.257 - Improper Input Validation
CVE-2015-0582
Cisco NX-OS - Denial of Service via Crafted Traffic
CVE-2015-0563
Opensuse - Improper Input Validation
CVE-2015-0561
Wireshark 1.10.x < 1.10.12 and 1.12.x < 1.12.3 - Denial of Service via LPP Dissector Index Validation
CVE-2014-125119 HIGH
WinRAR 3.80-3.90 and 4.11-4.99 - Filename Spoofing via ZIP Central Directory and Local File Header Inconsistency
CVE-2014-125117 CRITICAL
D-Link DSP-W215 1.02 - Unauthenticated Stack-based Buffer Overflow via /common/info.cgi HTTP POST Request
CVSS 9.8
CVE-2014-125114 HIGH
i-Ftp 2.20 - Stack-based Buffer Overflow via Schedule.xml Time Attribute
CVE-2014-0144 HIGH
QEMU < 2.0.0 - Remote Code Execution via Block Driver Input Validation Flaws
CVSS 8.6
CVE-2014-4657 CRITICAL
Ansible < 1.5.4 - Remote Code Execution via Safe Eval Function
CVSS 9.8
CVE-2014-4651 CRITICAL
Apache jclouds 1.7.3-1.7.9 - Predictable Temporary File Location
CVSS 9.8
CVE-2014-9390 CRITICAL
Malicious Git and Mercurial HTTP Server For CVE-2014-9390
CVSS 9.8
CVE-2014-5091 CRITICAL
status2k 2.5 - Remote Code Execution via Multies Parameter
CVSS 9.8
CVE-2014-5087 CRITICAL
Sphider < 1.3.6 - Remote Code Execution via admin/spiderfuncs.php
CVSS 9.8
CVE-2014-5468 HIGH
Railo < 4.2.1.000 - Remote File Inclusion via Thumbnail CFM Request
CVSS 8.8
CVE-2014-7224 HIGH
Android < 4.4 - Remote Code Execution via addJavascriptInterface
CVSS 8.8
CVE-2014-8126 HIGH
HTCondor < 8.2.6 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2014-2914 CRITICAL
fish 2.0.0-2.1.1 - Remote Code Execution via Configuration Service
CVSS 9.8
CVE-2014-2271 HIGH
Kingsoft Office 5.3.1 - Remote Code Execution via HTTPS Downgrade Attack
CVSS 8.1
CVE-2014-5092 HIGH
status2k - Remote Command Execution via admin/options/editpl.php
CVSS 8.8
CVE-2014-0048 CRITICAL
Docker < 1.6.0 - Remote Code Execution via Insecure HTTP Downloads
CVSS 9.8
CVE-2014-5289 CRITICAL
Senkas Kolibri 2.0 - Remote Code Execution via Long URI in POST Request
CVSS 9.8
CVE-2014-8179 HIGH
Docker Engine < 1.8.3 and CS Docker Engine < 1.6.2-cs7 - Manifest Validation Bypass via JSON Injection
CVSS 7.5
CVE-2014-8178 MEDIUM
Docker Engine < 1.8.3 and CS Docker Engine < 1.6.2-cs7 - Image Cache Poisoning via Layer Identifier Collision
CVSS 5.5
Details
Vulnerabilities 12,635
Exploit Likelihood High