CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2013-1321
Microsoft Publisher <2003 SP3 - RCE
CVE-2013-1318
Microsoft Publisher 2003 SP3 - Remote Code Execution via Crafted Publisher File
CVE-2013-1316
Microsoft Publisher <2003 SP3 - RCE
CVE-2013-1952
Xen 4.x - Denial of Service via MSI Interrupt Remapping Table Entry Access
CVE-2013-1917
Xen 3.1-4.x - Denial of Service via Improper NT Flag Handling
CVE-2013-0939
EMC Documentum <6.7 SP2 - Info Disclosure
CVE-2013-0520
IBM Sterling Secure Proxy <3.3.01.23 - Info Disclosure
CVE-2013-0518
IBM Sterling Secure Proxy <3.3.01.23-3.4.1.7 - CSRF
CVE-2013-1223
Cisco Unified Customer Voice Portal <9.0.1 ES 11 - Info Disclosure
CVE-2013-0686
Invensys Wonderware Information Server - XXE
CVE-2013-3512
GroundWork Monitor Enterprise 6.7.0 - Authenticated Configuration Manipulation via Cacti Component
CVE-2013-3511
GroundWork Monitor Enterprise 6.7.0 - Open Redirect via NeDi Component
CVE-2013-1240
Cisco Unified Communications Manager - Unauthenticated Arbitrary File Read via Command-Line Interface
CVE-2013-1232
Cisco WebEx Meetings Server and Node - Information Disclosure via HTTP Request
CVE-2013-3242
Joomla! <2.5.10-3.0.4 - Code Injection
CVE-2013-1231
Cisco WebEx Meetings Server and WebEx Node for MCS - Information Disclosure via HTTP Cache File Read
CVE-2013-0945
EMC Avamar Client <6.1.101-89 - Man-in-the-middle
CVE-2013-3266
FreeBSD <9.1-RELEASE-p3 - Memory Corruption
CVE-2013-1229
Cisco TelePresence Management Suite - DoS
CVE-2013-0699
Galil RIO-47100 Pocket PLC - Denial of Service via Repeated Requests
CVE-2013-1196
Cisco Secure ACS - Privilege Escalation
CVE-2013-0175
multi_xml < 0.5.2 - Remote Code Execution via YAML/Symbol Type Conversion
CVE-2013-1192
Cisco Adaptive Security Appliance Device Manager - Remote Code Execution via Crafted JNLP File
CVE-2013-1184
Cisco Unified Computing System Manager < 1.2(1b) - Denial of Service via Malformed XML API Request
CVE-2013-1181
Cisco NX-OS 4.x-5.x - Denial of Service via Jumbo Packet to Management Interface
Details
Vulnerabilities 12,638
Exploit Likelihood High