CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2013-1112
Cisco Carrier Routing System - Denial of Service via Malformed Packet Processing
CVE-2013-0964
Apple iOS <6.1 & Apple TV <5.2 - Info Disclosure
CVE-2013-0963
iPhone OS < 6.1 - Authentication Bypass via AppleID Certificate Validation Failure
CVE-2013-0654
GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01-8.0 - RCE
CVE-2013-0841
Google Chrome < 24.0.1312.56 - Denial of Service via Content-Blocking Array Index Error
CVE-2013-0655
Schneider Electric Software Update (SESU) Utility <1.0.x-1.1.x - RCE
CVE-2013-0837
Google Chrome <24.0.1312.52 - DoS
CVE-2013-0830
Google Chrome <24.0.1312.52 - Memory Corruption
CVE-2013-0156
Ruby on Rails JSON Processor YAML Deserialization Code Execution
CVE-2013-0757
Firefox 17.0.1 Flash Privileged Code Injection
CVE-2013-0747
Firefox < 18.0 - Clickjacking via Plugin Handler Mutation Event
CVE-2013-0005
Microsoft .NET Framework 3.5-4 - Denial of Service via WCF Replace Function
CVE-2013-0004
Microsoft .NET Framework Remote Code Execution via Crafted XAML Browser Application
CVE-2012-3338 MEDIUM
IBM InfoSphere Guardium 8.0, 8.01, 8.2 - Unauthenticated User Account Creation via Improper Input Validation
CVSS 5.3
CVE-2012-5699 CRITICAL
babygekko < 1.2.4 - PHP File Inclusion
CVSS 9.8
CVE-2012-1326 HIGH
Cisco IronPort Web Security Appliance <= 7.5 - Improper Certificate Validation
CVSS 7.4
CVE-2012-0334 MEDIUM
Cisco IronPort Web Security Appliance AsyncOS <7.5 - Info Disclosure
CVSS 6.4
CVE-2012-4603 HIGH
Citrix XenApp Online Plug-in <12.1 & Citrix Receiver <3.2 - RCE
CVSS 7.8
CVE-2012-4030 HIGH
Chamilo < 1.8.8.6 - Arbitrary File Deletion via index.php Input Handling
CVSS 7.5
CVE-2012-6111 HIGH
gnome-keyring - Improper Input Validation
CVSS 7.5
CVE-2012-3409 HIGH
ecryptfs-utils 86-98 - Privilege Escalation via Improper Filesystem Mount Restrictions
CVSS 7.8
CVE-2012-4576 HIGH
FreeBSD - Privilege Escalation via Input Validation Flaw
CVSS 7.8
CVE-2012-2248 HIGH
dhclient 4.3.1-6 - Remote Code Execution via Embedded Path Variable
CVSS 8.1
CVE-2012-5582 CRITICAL
OpenDNSSEC - Denial of Service via libcurl API Misuse
CVSS 9.8
CVE-2012-4524 HIGH
xlockmore < 5.43 - Security Bypass via dclock Improper Input Validation
CVSS 7.5
Details
Vulnerabilities 12,638
Exploit Likelihood High