CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,635 vulnerabilities with CWE-20
CVE-2014-9808 MEDIUM
ImageMagick < 6.9.4-0 - Denial of Service via Crafted DPC Image
CVSS 5.5
CVE-2014-9806 MEDIUM
ImageMagick < 6.9.4-0 - Denial of Service via File Descriptor Consumption
CVSS 5.5
CVE-2014-9805 MEDIUM
ImageMagick < 6.9.4-0 - Denial of Service via Crafted PNM File
CVSS 5.5
CVE-2014-9851 HIGH
ImageMagick 6.8.9.9 - DoS
CVSS 7.5
CVE-2014-8705 CRITICAL
Wonder CMS 2014 - RCE
CVSS 9.8
CVE-2014-9645 MEDIUM
BusyBox < 1.22.1 - Local Kernel Module Loading Restriction Bypass via Slash in Module Name
CVSS 5.5
CVE-2014-9755 HIGH
Viprinet MultichannelVPN Router 300 - Info Disclosure
CVSS 7.5
CVE-2014-9754 MEDIUM
Viprinet MultichannelVPN Router 300 - Info Disclosure
CVSS 5.9
CVE-2014-2146 MEDIUM
Cisco IOS < 15.4(1)t1 and IOS XE < 15.4(3)s - Zone-Based Firewall Bypass via Spoofed Session Traffic
CVSS 6.5
CVE-2014-9410 CRITICAL
Linux kernel 3.x - Privilege Escalation
CVSS 9.8
CVE-2014-9889 HIGH
Android < 6.0.1 - Privilege Escalation via Unvalidated CPP Frame Messages
CVSS 7.8
CVE-2014-9886 HIGH
Android < 6.0.1 - Privilege Escalation via USF Driver Input Validation
CVSS 7.8
CVE-2014-9884 HIGH
Android < 6.0.1 - Privilege Escalation via Unvalidated Pointer in qseecom Driver
CVSS 7.8
CVE-2014-9872 HIGH
Android <2016-08-05 - Privilege Escalation
CVSS 7.8
CVE-2014-9866 HIGH
Android <2016-08-05 - Privilege Escalation
CVSS 7.8
CVE-2014-9864 HIGH
Android <2016-08-05 - Privilege Escalation
CVSS 7.8
CVE-2014-9746 CRITICAL
FreeType < 2.5.3 - Denial of Service via Unchecked Return Values in Font Parsing
CVSS 9.8
CVE-2014-9764 HIGH
imlib2 <1.4.7 - DoS
CVSS 7.5
CVE-2014-9762 HIGH
imlib2 < 1.4.7 - Denial of Service via GIF Image Without Colormap
CVSS 7.5
CVE-2014-9757 CRITICAL
Atlassian Bamboo <5.9.9 & 5.10.x <5.10.0 - RCE
CVSS 9.8
CVE-2014-8873
OpenJDK - Remote Code Execution via JAR File MIME Type Handling
CVE-2014-9751
NTP 4.x < 4.2.8p1 - Remote Attack via IPv6 Loopback Address Spoofing
CVE-2014-9750
NTP 4.x <4.2.8p1 - Info Disclosure/DoS
CVE-2014-2332
check_mk < 1.2.2 - Authenticated Arbitrary File Deletion via Insecure Direct Object Reference
CVE-2014-8603
XCloner 3.1.1 and 3.5.1 - Authenticated Remote Code Execution via Shell Metacharacter Injection
Details
Vulnerabilities 12,635
Exploit Likelihood High