CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,637 vulnerabilities with CWE-20
CVE-2013-3983
IBM Sametime 8.5.2-8.5.2.1 and 9.x-9.0.0.1 - Open Redirect via Cookie Header
CVE-2013-2829
MatrikonOPC SCADA DNP3 OPC Server <= 1.2.2.0 - Denial of Service via Malformed DNP3 Packet
CVE-2013-2191
python-bugzilla < 0.9.0 - Man-in-the-Middle Attack via Unvalidated X.509 Certificates
CVE-2013-6482
Pidgin < 2.10.8 - Denial of Service via Crafted MSN SOAP or OIM XML Response
CVE-2013-2038
gpsd < 3.9 - Denial of Service via Malformed NMEA0183 $GPGGA Sentence
CVE-2013-6486
Pidgin < 2.10.8 - Remote Code Execution via file: URL Handler
CVE-2013-6484
Pidgin < 2.10.8 - Denial of Service via STUN Protocol Socket Read Error
CVE-2013-6483
Pidgin < 2.10.8 - Denial of Service via XMPP IQ Reply Spoofing
CVE-2013-6478
Pidgin < 2.10.8 - Denial of Service via Long URL Tooltip
CVE-2013-7179
Seowon Intech SWC-9100 - OS Command Injection via ping_ipaddr Parameter
CVE-2013-6032
Lexmark Printers - Unauthenticated Administrative Password Removal via vac.255.GENPASSWORD Parameter
CVE-2013-7177
cyrus-imap <0.8.11 - Remote Command Injection
CVE-2013-7176
Postfix <0.8.11 - Remote Code Execution
CVE-2013-6143
Schneider Electric Telvent SAGE 3030 Firmware C3413-500-001D3_P4 and C3413-500-001F0_PB - DoS via Malformed DNP3 Traffic
CVE-2013-6650
Debian Linux < 32.0.1700.101 - Improper Input Validation
CVE-2013-6747
IBM GSKit 7.x < 7.0.4.48 and 8.x < 8.0.50.16 - Denial of Service via Malformed X.509 Certificate Chain
CVE-2013-5350
OpenPNE <3.6.13.1-3.8.9.1 - Code Injection
CVE-2013-7306
Brocade ADX - Denial of Service via OSPF LSA Packet with Duplicate Link State ID
CVE-2013-3606
Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 - Denial of Service via Long Username
CVE-2013-3595
Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 - Authenticated Denial of Service via OSPF URL
CVE-2013-3594
Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 - Denial of Service via SSH Packet Flood
CVE-2013-2185
Apache Tomcat < 7.0.39 - Arbitrary File Write via DiskFileItem Deserialization
CVE-2013-2037
Canonical Ubuntu Linux < 0.7.2 - Improper Input Validation
CVE-2013-6325
IBM WebSphere Application Server DoS via Crafted Web Services Request
CVE-2013-7294
libreswan < 3.7 - Denial of Service via IKEv2 I1 Notification Without KE Payload
Details
Vulnerabilities 12,637
Exploit Likelihood High