CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,637 vulnerabilities with CWE-20
CVE-2013-7172 HIGH
Slackware - Local Privilege Escalation
CVSS 7.8
CVE-2013-7171 CRITICAL
Slackware <14.1 - Privilege Escalation
CVSS 9.8
CVE-2013-2093 CRITICAL
Dolibarr ERP/CRM 3.3.1 - Remote Code Execution via viewimage.php and barcode.lib.php
CVSS 9.8
CVE-2013-1816 HIGH
MediaWiki < 1.19.4 and 1.20.x < 1.20.3 - Denial of Service via Crafted Request
CVSS 7.5
CVE-2013-1889 HIGH
mod_ruid2 < 0.9.8 - Chroot Bypass via CGI Script File Descriptor Handling
CVSS 7.5
CVE-2013-1820 MEDIUM
tuned < 2.0.2 - Local Process Termination via Insecure ktune Service Permissions
CVSS 5.5
CVE-2013-1811 MEDIUM
MantisBT < 1.2.13 - Unauthenticated Issue Status Change via Reporter Permissions
CVSS 4.3
CVE-2013-1751 CRITICAL
TWiki < 5.1.4 - Remote Code Execution via MAKETEXT Parameter
CVSS 9.8
CVE-2013-4409 CRITICAL
Djblets < 0.6.30 and Review Board < 1.7.15 - Remote Code Execution via JSON Request Parsing
CVSS 9.8
CVE-2013-2259 CRITICAL
Cryptocat < 2.0.22 - Arbitrary Code Execution on Firefox Conversation Overview
CVSS 9.8
CVE-2013-4103 CRITICAL
Cryptocat < 2.0.22 - Remote Script Injection via Improper Input Sanitization
CVSS 9.8
CVE-2013-4101 MEDIUM
Cryptocat < 2.0.22 - HTML Injection via Link Markup Decorator
CVSS 5.3
CVE-2013-4100 HIGH
Cryptocat < 2.0.22 - Remote Denial of Service via Username
CVSS 7.5
CVE-2013-0180 MEDIUM
Redis 2.6 - Insecure Temporary File Handling in /tmp/redis.ds
CVSS 5.5
CVE-2013-0178 MEDIUM
Redis < 2.6.0 - Insecure Temporary File Handling in /tmp/redis-%p.vm
CVSS 5.5
CVE-2013-0165 HIGH
OpenShift - Arbitrary File Write via /tmp File Creation
CVSS 7.3
CVE-2013-2227 HIGH
GLPI 0.83.7 - Local File Inclusion via common.tabs.php
CVSS 7.5
CVE-2013-4751 HIGH
php-symfony2-Validator - Info Disclosure
CVSS 8.1
CVE-2013-3718 MEDIUM
Evince - Denial of Service via Missing Page Count Check
CVSS 5.5
CVE-2013-1930 MEDIUM
MantisBT 1.2.12-1.2.14 - Authenticated Workflow Bypass
CVSS 4.3
CVE-2013-1910 CRITICAL
yum - Denial of Service via Trojan Horse Metadata File
CVSS 9.8
CVE-2013-7333 HIGH
Open Floodlight SDN Controller 0.90 - Denial of Service via Switch Disconnection
CVSS 7.5
CVE-2013-7483 CRITICAL
WordPress slidedeck2 <2.3.5 - File Inclusion
CVSS 9.8
CVE-2013-0267 HIGH
Apache VCL 2.1-2.2.1, 2.3-2.3.1 - Privilege Escalation, DoS, and XSS via Improper Data Validation
CVSS 8.8
CVE-2013-4366 CRITICAL
Apache HttpClient 4.3.x < 4.3.1 - Improper Input Validation in HttpClientBuilder
CVSS 9.8
Details
Vulnerabilities 12,637
Exploit Likelihood High