CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,636 vulnerabilities with CWE-20
CVE-2014-8603
XCloner 3.1.1 and 3.5.1 - Authenticated Remote Code Execution via Shell Metacharacter Injection
CVE-2014-8887
IBM Marketing Operations <8.5.0.7.2, <8.6.0.8, <9.0.0.4.1, <9.1.0.5...
CVE-2014-9201
Beckwith Electric <D-0346V03.00.02 - Info Disclosure
CVE-2014-9721
libzmq <4.0.6, <4.1.1 - Downgrade Attack
CVE-2014-4778
IBM License Metric Tool <9.1.0.2 - CSRF
CVE-2014-1901
Y-Cam Camera Firmware <= 4.30 - Denial of Service via Malformed Path Parameter
CVE-2014-9462
Mercurial <3.2.4 - Remote Code Execution
CVE-2014-9653
PHP <5.4.37, 5.5.x <5.5.21, 5.6.x <5.6.5 - DoS
CVE-2014-9369
Siemens SPC4000, SPC5000, and SPC6000 Firmware < 3.6.0 - Denial of Service via Crafted Packets
CVE-2014-8160
Linux Kernel < 3.18 - Unauthenticated Access Restriction Bypass via Incorrect Conntrack Entry Generation
CVE-2014-2147
Cisco Prime Infrastructure <2.1 - XSS
CVE-2014-8013
Cisco NX-OS - Denial of Service via Long CLI Command
CVE-2014-8836
Apple macOS X < 10.10.2 - Remote Code Execution or Denial of Service via Bluetooth Driver
CVE-2014-8825
Apple OS X <10.10.2 - Privilege Escalation
CVE-2014-8824
macOS < 10.10.2 - Remote Code Execution via IODataQueue Metadata Validation
CVE-2014-4494
iPhone OS < 8.1.3 - Unauthenticated App Trust Decision Bypass via Signature Validation Flaw
CVE-2014-8479
SCALANCE X-300 and X-408 Firmware < 4.0 - Authenticated Denial of Service via FTP Packet Handling
CVE-2014-9598
VideoLAN VLC media player <2.1.5 - RCE
CVE-2014-9597
VideoLAN VLC media player <2.1.5 - RCE
CVE-2014-3440
Symantec Critical System Protection and Data Center Security - Authenticated Remote Code Execution via Log File Upload
CVE-2014-6197
IBM Security Network Protection <5.2.0.0 FP5-5.3.0.0 FP1 - CSRF
CVE-2014-9603
FFmpeg < 2.5.1 - Denial of Service via Sierra VMD Video Data
CVE-2014-9601
Pillow < 2.7.0 - Denial of Service via Decompressed PNG Text Chunk
CVE-2014-6382
Juniper Junos DoS via Crafted PAP Authenticate-Request
CVE-2014-8153
OpenStack Neutron 2014.2.x < 2014.2.2 - Authenticated Denial of Service via IPv6 Router Creation
Details
Vulnerabilities 12,636
Exploit Likelihood High