CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,636 vulnerabilities with CWE-20
CVE-2014-8544
FFmpeg < 2.4.2 - Denial of Service via TIFF Bits-Per-Pixel Validation
CVE-2014-8543
Canonical Ubuntu Linux < 2.4.1 - Improper Input Validation
CVE-2014-3710
PHP 5.4.34 - Denial of Service via Crafted ELF File in Fileinfo Component
CVE-2014-0490
advanced_package_tool < 1.0.8 - Remote Code Execution via Unvalidated Package Signatures
CVE-2014-0489
APT - Remote Code Execution via Crafted Package with Acquire::GzipIndexes Option
CVE-2014-0488
Advanced Package Tool - Improper Input Validation
CVE-2014-3955
FreeBSD 8.4-10.1-RC2 - Denial of Service via RIP Request from Non-Directly Connected Network
CVE-2014-0136
Red Hat CloudForms <5.x - Info Disclosure
CVE-2014-3137
Bottle < 0.10.12, 0.11.7, 0.12.6 - Unauthenticated Content-Type Restriction Bypass
CVE-2014-0476
chkrootkit < 0.50 - Local Privilege Escalation via Trojan Horse Executable
CVE-2014-1929
python-gnupg <0.3.7 - Code Injection
CVE-2014-1928
python-gnupg < 0.3.5 - OS Command Injection via Shell Metacharacter Bypass
CVE-2014-1927
python-gnupg 0.3.5 - Remote Code Execution via Shell Metacharacter Injection
CVE-2014-6611
BlackBerry World <5.0.0.262-5.1.0.53 - Info Disclosure
CVE-2014-6151
IBM Tivoli Integrated Portal 2.2.x - Authenticated CRLF Injection
CVE-2014-6230
wp-ban < 1.6.3 - Unauthenticated IP Blacklist Bypass via X-Forwarded-For Header
CVE-2014-4840
IBM TRIRIGA Application Platform <3.3.0.2-<3.4.0.1 - RCE
CVE-2014-4833
IBM Security QRadar SIEM <7.2 - Privilege Escalation
CVE-2014-4828
IBM Security QRadar SIEM <7.2 - CSRF
CVE-2014-3567
OpenSSL < 0.9.8zb - Denial of Service via Session Ticket Integrity Check Failure
CVE-2014-3513
OpenSSL 1.0.1 - Denial of Service via DTLS SRTP Handshake Message
CVE-2014-3021
IBM WebSphere Application Server 7.0-7.0.0.35 8.0-8.0.0.10 8.5-8.5.5.4 - Information Disclosure via HTTP Header Handling
CVE-2014-4443
macOS < 10.9.5 - Denial of Service via Crafted ASN.1 Data
CVE-2014-4442
macOS < 10.9.5 - Denial of Service via System Control Socket Message
CVE-2014-4434
macOS < 10.9.5 - Denial of Service via Crafted HFS Filename
Details
Vulnerabilities 12,636
Exploit Likelihood High