CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,635 vulnerabilities with CWE-20
CVE-2014-0091 MEDIUM
Foreman - Partial Denial of Service via Improper Input Validation
CVSS 5.3
CVE-2014-1937 HIGH
Gamera < 3.4.1 - Insecure Temporary File Creation
CVSS 7.5
CVE-2014-1936 HIGH
rc <1.7.1-5 - Info Disclosure
CVSS 7.5
CVE-2014-1935 MEDIUM
9base <1:6-6,1:6-7 - Info Disclosure
CVSS 5.3
CVE-2014-0084 MEDIUM
Ruby gem openshift-origin-node <2014-02-14 - DoS
CVSS 5.5
CVE-2014-5118 MEDIUM
Trusted Boot < 1.8.2 - Security Bypass via Loader Component
CVSS 5.5
CVE-2014-9013 HIGH
WP Marketplace <2.4.0 - Privilege Escalation
CVSS 8.8
CVE-2014-2304 HIGH
Open Floodlight SDN Controller 0.90 - Denial of Service via Malformed FEATURES_REPLY Messages
CVSS 7.5
CVE-2014-10384 CRITICAL
memphis-documents-library < 3.0 - Local File Inclusion
CVSS 9.8
CVE-2014-10383 CRITICAL
memphis_documents_library < 3.0 - Remote File Inclusion
CVSS 9.8
CVE-2014-3798 MEDIUM
Citrix XenServer 6.2 SP1 and earlier - Denial of Service via Crafted Ethernet Frame
CVSS 6.5
CVE-2014-1426 HIGH
Canonical Metal as a Service < 1.9.2 - Unauthenticated Arbitrary File Read via maasserver.api.get_file_by_name
CVSS 8.6
CVE-2014-9186 CRITICAL
Honeywell Experion PKS <R400 - File Inclusion
CVSS 9.8
CVE-2014-10077 HIGH
I18n < 0.8.0 - Improper Input Validation
CVSS 7.5
CVE-2014-0593 HIGH
open_build_service 0.5.3-1.1 - OS Command Injection via set_version Script
CVSS 7.8
CVE-2014-0900 HIGH
Android < 4.4.1 - Device Administrator Spoofing via mAdminMap Data Structure
CVSS 8.8
CVE-2014-9986 HIGH
Qualcomm MSM8909W and Snapdragon Firmware - Memory Overread in playready_licacq_process_response()
CVSS 7.5
CVE-2014-10051 CRITICAL
Qualcomm Mdm9206 Firmware - Improper Input Validation
CVSS 9.8
CVE-2014-5170 CRITICAL
Drupal Storage API < 7.x-1.6 - Remote Code Execution via .htaccess Misconfiguration
CVSS 9.8
CVE-2014-0486 HIGH
Knot DNS < 1.5.2 - Denial of Service via Crafted DNS Message
CVSS 7.5
CVE-2014-2032 MEDIUM
Deadwood <2.3.09, 3.x <3.2.05 - DoS
CVSS 5.9
CVE-2014-3206 CRITICAL
Seagate BlackArmor NAS - Remote Code Execution via Session or Auth Name Parameter
CVSS 9.8
CVE-2014-5282 HIGH
Docker < 1.3 - Image ID Validation Bypass via Untrusted Image Loading
CVSS 8.1
CVE-2014-8166 HIGH
CUPS < 1.6 - Remote Code Execution via ANSI Escape Sequences in Printer Name
CVSS 8.8
CVE-2014-5003 MEDIUM
ciborg 3.0.0 - Privilege Escalation
CVSS 5.5
Details
Vulnerabilities 12,635
Exploit Likelihood High