CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2013-5046
Microsoft Internet Explorer <11 - Privilege Escalation
CVE-2013-5045
Microsoft Internet Explorer 10-11 - Privilege Escalation
CVE-2013-3903
Windows 8, Windows Server 2012, and Windows RT - Denial of Service via TrueType Font Parsing
CVE-2013-3899
Windows XP SP2/SP3 and Server 2003 SP2 - Privilege Escalation via Win32k.sys Address Validation
CVE-2013-4270
Linux Kernel < 3.11.5 - Local Privilege Escalation via net_ctl_permissions UID/GID Bypass
CVE-2013-7019
FFmpeg < 2.1 - Denial of Service via JPEG2000 Reduction Factor Validation
CVE-2013-7015
FFmpeg < 2.1 - Denial of Service via Flash Screen Video Height Validation
CVE-2013-7001
NowSMS Now SMS & MMS Gateway < 2013.11.15 - Denial of Service via Malformed MM1 Message
CVE-2013-7000
NowSMS Now SMS & MMS Gateway 2013.09.26 - Denial of Service via Malformed MM4 Message
CVE-2013-6389
Drupal 7.x < 7.24 - Open Redirect via Overlay Module
CVE-2013-0857
FFmpeg < 1.1 - Remote Code Execution via Crafted IFF PBM/ILBM Height Value
CVE-2013-0856
FFmpeg < 1.1 - Remote Code Execution via Crafted ALAC Data
CVE-2013-0854
FFmpeg < 1.1 - Remote Code Execution via Crafted MJPEG Data
CVE-2013-0849
FFmpeg < 1.1 - Remote Code Execution via Crafted RoQ Video Dimensions
CVE-2013-0846
FFmpeg < 1.1 - Out-of-Bounds Array Access via Crafted QDM2 Data
CVE-2013-4558
mod_dav_svn 1.7.11-1.7.13 and 1.8.1-1.8.4 - Denial of Service via Non-Canonical URL
CVE-2013-6636
Google Chrome < 31.0.1650.63 - Address Bar Spoofing via Modal Dialog Document Write
CVE-2013-6414
Ruby on Rails 3.x < 3.2.16 and 4.x < 4.0.2 - Denial of Service via Invalid MIME Type Header
CVE-2013-6003
Cybozu Garoon 3.1-3.5 SP5 - Authenticated CRLF Injection via Phone Messages Forwarding
CVE-2013-2825
Elecsys Director Gateway <2.6.32.11 - DoS
CVE-2013-6702
Cisco ONS 15454 Firmware < 9.8 - Denial of Service via Crafted Packets
CVE-2013-6705
Cisco IOS and IOS XE - Denial of Service via Crafted ARP Packet Sequence
CVE-2013-6703
Cisco ONS 15454 - Denial of Service via Crafted TLS/SSLv3 Packets
CVE-2013-6696
Cisco Adaptive Security Appliance Software - Denial of Service via Malformed DNS Response
CVE-2013-3707
Novell Open Enterprise Server - Denial of Service via HTTPSTK Service TCP Connection Handling
Details
Vulnerabilities 12,638
Exploit Likelihood High