CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2013-2633
Matomo < 1.11 - Information Exposure via POST Request Parameter Logging
CVE-2013-2279
CA SiteMinder Federation and Agent for SharePoint - XML Signature Spoofing via SAML Statement
CVE-2013-1051
APT 0.8.16 and 0.9.7 - Man-in-the-Middle Package Modification via InRelease File Handling
CVE-2013-0670
Siemens WinCC (TIA Portal) 11 - HTTP Response Splitting
CVE-2013-0669
Siemens WinCC (TIA Portal) 11 - DoS
CVE-2013-0716
Wind River VxWorks 5.5-6.9 - Denial of Service via Crafted URI
CVE-2013-0715
VxWorks 5.5-6.9 - Authenticated Denial of Service via WebCLI Command String
CVE-2013-0714
VxWorks 6.5-6.9 - Remote Code Execution or Denial of Service via Crafted Public-Key Authentication Request
CVE-2013-0713
VxWorks 6.5-6.9 - Authenticated Denial of Service via Crafted PTY Request
CVE-2013-0712
VxWorks 6.5-6.9 - Authenticated Denial of Service via Crafted SSH Packet
CVE-2013-0711
VxWorks 6.5-6.9 - Denial of Service via Crafted SSH Authentication Request
CVE-2013-1655
Puppet 2.7.0-2.7.20 and 3.1.0 - Remote Code Execution via Serialized Attributes
CVE-2013-1856
Ruby on Rails 3.0.x-3.1.x < 3.1.12 and 3.2.x < 3.2.13 - XML External Entity Injection via ActiveSupport::XmlMini_JDOM
CVE-2013-1854
Ruby on Rails 2.3.x < 2.3.18, 3.1.x < 3.1.12, 3.2.x < 3.2.13 - Denial of Service via Active Record Query Processing
CVE-2013-0505
IBM Sterling Order Management <9.2.0 - XPath Injection
CVE-2013-0331
Jenkins < 1.502 and LTS < 1.480.3 - Authenticated Denial of Service
CVE-2013-0252
Boost.Locale 1.48-1.52 - Improper Input Validation via UTF-8 Trailing Bytes
CVE-2013-2503
Privoxy < 3.0.21 - Proxy Authentication Spoofing via 407 Status Code
CVE-2013-0308
git < 1.8.1.3 - Man-in-the-Middle Attack via Improper Certificate Validation in imap-send
CVE-2013-1656
Spree Commerce 1.0.0-1.3.2 - Authenticated Remote Code Execution via Unsafe Constantize Function
CVE-2013-2488
Wireshark 1.6.x < 1.6.14 and 1.8.x < 1.8.6 - Denial of Service via DTLS Dissector Fragment Offset
CVE-2013-1819
Linux Kernel < 3.7.6 - Denial of Service via Invalid XFS Extent Map
CVE-2013-0292
dbus-glib < 0.100 - Privilege Escalation via Spoofed NameOwnerChanged Signal
CVE-2013-0198
dnsmasq < 2.65 - Denial of Service via Spoofed TCP DNS Queries
CVE-2013-1763
Linux Kernel < 3.4.34 - Local Privilege Escalation via Netlink Message Family Value
Details
Vulnerabilities 12,638
Exploit Likelihood High