CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,636 vulnerabilities with CWE-20
CVE-2014-8966
Microsoft Internet Explorer <9 - Code Injection
CVE-2014-6376
Microsoft Internet Explorer 11 - Memory Corruption
CVE-2014-6375
Microsoft Internet Explorer 8 - Memory Corruption
CVE-2014-6373
Microsoft Internet Explorer 10 - Memory Corruption
CVE-2014-6369
Microsoft Internet Explorer <11 - Code Injection
CVE-2014-6368
Microsoft Internet Explorer 11 - Privilege Escalation
CVE-2014-6365
Microsoft Internet Explorer <11 - XSS
CVE-2014-6336
Microsoft Exchange Server 2013 SP1-CU6 - Open Redirect
CVE-2014-6328
Microsoft Internet Explorer 8-11 - XSS
CVE-2014-6327
Microsoft Internet Explorer 11 - Memory Corruption
CVE-2014-8010
Cisco Unified Communications Domain Manager 8 - Authenticated Remote Code Execution via Crafted Web Framework Values
CVE-2014-8003
Cisco Unified Computing System < 2.2(2c)A - Local Shell Access via Crafted map-nfs Command
CVE-2014-4465
Apple WebKit SVG CSS Token - Same Origin Policy Bypass
CVE-2014-9351
Teeworlds <0.6.3 - Memory Corruption
CVE-2014-9268
Autodesk Design Review <2013-1 - RCE
CVE-2014-9130
LibYAML 0.1.5 and 0.1.6 - Denial of Service via Line-Wrapping Assertion Failure
CVE-2014-7251
Yokogawa FAST/TOOLS < R9.05-SP2 - XML External Entity Injection
CVE-2014-8789
FileVista < 6.0.9 - Authenticated Arbitrary File Write via Zip Archive Extraction
CVE-2014-7178
Tuleap < 7.5.99.6 - Remote Code Execution via User-Agent Header
CVE-2014-9093
LibreOffice < 4.3.5 - Denial of Service and Possible Remote Code Execution via Crafted RTF File
CVE-2014-7142
Squid 3.x <3.4.8 - Info Disclosure/DoS
CVE-2014-6609
Asterisk 12.x < 12.5.1 - Authenticated Denial of Service via SIP SUBSCRIBE Headers
CVE-2014-2037
Openswan 2.6.40 - Denial of Service via Malformed IKEv2 Packets
CVE-2014-9038
WordPress < 3.7.5, 3.8.x < 3.8.5, 3.9.x < 3.9.3, 4.x < 4.0.1 - Server-Side Request Forgery via 127.0.0.0/8 Resource
CVE-2014-8420
SonicWALL Analyzer < 7.2 SP2 - Authenticated Remote Code Execution
Details
Vulnerabilities 12,636
Exploit Likelihood High