CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2013-3376
Cisco Video Surveillance Operations Manager - Open Redirect
CVE-2013-3675
FFmpeg < 1.2 - Denial of Service via Crafted LucasArts Smush Video Data
CVE-2013-3674
FFmpeg < 1.2 - Denial of Service via CD Graphics Video Data
CVE-2013-3672
FFmpeg < 1.2 - Denial of Service via Crafted ALG MM Video Data
CVE-2013-4083
Wireshark 1.6.x < 1.6.16, 1.8.x < 1.8.8, 1.10.0 - Denial of Service in DCP ETSI Dissector
CVE-2013-4078
Wireshark 1.8.x - Denial of Service in RDP Dissector
CVE-2013-2146
Linux Kernel < 3.8.9 - Denial of Service via Performance Events Subsystem Bitmask
CVE-2013-3955
iPhone OS 5.x-6.1.3 - Memory Corruption via Invalid AppleDouble File Header
CVE-2013-3954
Mac OS X 10.8.x - Denial of Service and Information Disclosure via posix_spawn File Actions
CVE-2013-3951
Apple iOS <8.2 and macOS <10.10.4 - Local Stack Cookie Randomization Bypass via stack-guard= Call-Path Prefix
CVE-2013-3948
Apple Iphone OS - Improper Input Validation
CVE-2013-1024
Mac OS X < 10.8.4 - Remote Code Execution via Crafted Movie File
CVE-2013-1013
Apple Safari < 6.0.5 - Cross-Site Scripting via XSS Auditor URL Rewrite Bypass
CVE-2013-3735 HIGH
PHP < 5.4.16 RC1 and 5.5.0 < RC2 - Denial of Service via Crafted Function Definition
CVSS 7.5
CVE-2013-2315
LOCKON EC-CUBE 2.11.0-2.12.3enP2 - Information Disclosure via Password Reminder Input Validation
CVE-2013-3556
Wireshark - Denial of Service via ASN.1 BER Dissector Pointer Dereference
CVE-2013-3555
Debian Linux - Improper Input Validation
CVE-2013-2083
Moodle < 2.2.10 - Improper Input Validation in MoodleQuickForm
CVE-2013-3634
SCALANCE X-200IRT Firmware < 5.1.0 - Unauthenticated SNMP Command Execution via Insufficient Credential Validation
CVE-2013-1014
Apple iTunes < 11.0.3 - Man-in-the-Middle Attack via Improper X.509 Certificate Verification
CVE-2013-3342
Adobe Reader/Acrobat <9.5.5-10.1.7-11.0.03 - Info Disclosure
CVE-2013-1671
Firefox < 21.0 - Full Pathname Disclosure via INPUT Element
CVE-2013-1245
Cisco WebEx Social - Authenticated Access Restriction Bypass via User-Management Page
CVE-2013-1236
Cisco TelePresence Supervisor MSE 8050 <2.3(1.31) - DoS
CVE-2013-1336
Microsoft .NET Framework <4.5 - Info Disclosure
Details
Vulnerabilities 12,638
Exploit Likelihood High