CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,636 vulnerabilities with CWE-20
CVE-2014-3314
Cisco AnyConnect Secure Mobility Client - Authentication Spoofing via Host Type Verification Bypass
CVE-2014-100039
Malwarebytes Anti-Exploit < 1.04.1.1012 - Denial of Service via IOCTL Call
CVE-2014-8036
Cisco WebEx Meetings Server - Unauthenticated Meeting Invite List Modification via Crafted URL
CVE-2014-9584
Linux kernel <3.18.2 - Info Disclosure
CVE-2014-9509
TYPO3 <4.5.39, 4.6.x-6.2.x<6.2.9, 7.x<7.0.2 - Info Disclosure
CVE-2014-0748
Cray Linux Environment < 4.2 - Privilege Escalation via Modified aprun Program
CVE-2014-3971
MongoDB 2.6.x - Denial of Service via Invalid X.509 Client Certificate Authentication
CVE-2014-9417
Huawei eSpace Desktop <V100R001C03 - DoS
CVE-2014-9415
Huawei eSpace Desktop <V100R001C03 - DoS
CVE-2014-7994
Cisco Meraki MS, MR, and MX Firmware < 2014-09-24 - Remote Code Execution via Local Network HTTP Handler
CVE-2014-6135
IBM Security Appscan - Improper Input Validation
CVE-2014-9378
Ettercap 0.8.1 - DoS/Code Injection
CVE-2014-7241
TSUTAYA < 5.3 - Remote Code Execution via Crafted HTML Document
CVE-2014-9371
ManageEngine Desktop Central MSP <90075 - RCE
CVE-2014-9358
Docker < 1.3.3 - Path Traversal via Image ID Spoofing
CVE-2014-6052
libvncserver < 0.9.9 - Denial of Service via Large Screen Size in FramebufferUpdate Message
CVE-2014-6210
IBM DB2 9.7-10.5 - Authenticated Denial of Service via ALTER TABLE Column Specification
CVE-2014-6209
IBM DB2 9.5-10.5 - Authenticated Denial of Service via ALTER TABLE Identity Column
CVE-2014-7840
QEMU < 2.1.3 - Remote Code Execution via Crafted SaveVM Data
CVE-2014-6381
Juniper WLC - Denial of Service via Proxy ARP or No Broadcast Feature
CVE-2014-4323
Linux kernel 3.x - Privilege Escalation
CVE-2014-1594
Mozilla Firefox <34.0, ESR 31.x<31.3, Thunderbird <31.3, SeaMonkey <2.31 - RCE via Type Confusion
CVE-2014-1590
Firefox < 31.2, SeaMonkey < 2.30, Thunderbird < 31.2 - Denial of Service via XMLHttpRequest.prototype.send
CVE-2014-1587
Mozilla Firefox <34 - Memory Corruption
CVE-2014-8680
ISC BIND 9.10.0-9.10.1 - Denial of Service via GeoIP Database Handling
Details
Vulnerabilities 12,636
Exploit Likelihood High