CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,636 vulnerabilities with CWE-20
CVE-2014-3796
VMware NSX and vCloud Networking and Security - Information Disclosure via Improper Input Validation
CVE-2014-3609
Squid 3.x < 3.3.12 and 3.4.x < 3.4.6 - Denial of Service via Crafted Range Headers
CVE-2014-5460
Tribulant Slideshow Gallery < 1.4.7 - Authenticated Arbitrary File Upload
CVE-2014-3348
Cisco Integrated Management Controller < 2.3.1 - Denial of Service via Crafted SSH Packet
CVE-2014-3343
Cisco IOS XR 5.1 - Denial of Service via Malformed DHCPv6 Packet
CVE-2014-4068
Microsoft Lync Server 2010 and 2013 - Denial of Service via Crafted Call
CVE-2014-6029
TorrentFlux 2.4 - Authenticated Cookie Manipulation via Profile Edit Action
CVE-2014-6028
TorrentFlux 2.4 - Authenticated Cookie Disclosure via Profile Edit Action
CVE-2014-2957
Exim < 4.82.1 - Remote Code Execution via DMARC From Header Processing
CVE-2014-3095
IBM DB2 9.5-10.5 - Authenticated Denial of Service via UNION Clause in Subquery
CVE-2014-5472
Linux Kernel < 3.16.1 - Denial of Service via Crafted ISO9660 Image with Self-Referential CL Entry
CVE-2014-3352
Cisco Cloud Portal < 2008.3_SP9 - Information Disclosure via iFrame Session Handling
CVE-2014-3349
Cisco Cloud Portal - Authenticated Arbitrary File Upload via File Submission
CVE-2014-3346
Cisco Transport Gateway Installation ... - Improper Input Validation
CVE-2014-5398
Schneider Electric Wonderware Information Server Portal 4.0 SP1-5.5 - XML External Entity Injection
CVE-2014-0762
CG Automation ePAQ-9410 Substation Gateway - Denial of Service via DNP3 Driver Input Validation
CVE-2014-0761
CG Automation ePAQ-9410 Substation Gateway - Denial of Service via Crafted DNP3 TCP Packet
CVE-2014-5336
Monkey HTTP Server < 1.5.3 - Denial of Service via Custom Error Message Handling
CVE-2014-0480
Django <1.4.14, <1.5.9, <1.6.6, <1.7 - XSS
CVE-2014-3335
Cisco IOS XR < 4.3.2 - Denial of Service via NetFlow Sampling of Multicast Packets
CVE-2014-3589
Debian Python-imaging < 2.3.1 - Improper Input Validation
CVE-2014-5120
PHP 5.4.x-5.4.31 and 5.5.x-5.5.15 - Arbitrary File Overwrite via GD Image Function Pathname
CVE-2014-5243
MediaWiki < 1.19.18, 1.20.x-1.22.x < 1.22.9, 1.23.x < 1.23.2 - Clickjacking via IFRAME Protection Bypass
CVE-2014-3331
Cisco ASR 5000 Series Software 11.0-12.2, 14.0-17.0 - Denial of Service via Crafted TCP Packet
CVE-2014-3338
Cisco Unified Communications Manager 10.0(1) - Authenticated Privilege Escalation via Kerberos SSO Token
Details
Vulnerabilities 12,636
Exploit Likelihood High