CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2012-3460 CRITICAL
Red Hat Enterprise MRG - Improper Input Validation
CVSS 9.8
CVE-2012-3543 HIGH
mono 2.10.x - Denial of Service via ASP.NET Web Form Hash Collision
CVSS 7.5
CVE-2012-2350 HIGH
pam_shield <0.9.4 - Info Disclosure
CVSS 7.5
CVE-2012-6135 HIGH
RubyGems passenger 4.0.0 beta1-beta2 - Arbitrary File Deletion
CVSS 7.5
CVE-2012-6070 HIGH
falconpl < 0.9.6.9 - Remote Security Check Bypass via libcurl API Misuse
CVSS 7.5
CVE-2012-4438 HIGH
Jenkins < 1.482 and LTS < 1.466.2 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2012-1168 HIGH
Moodle < 2.2.2 - Unauthenticated Password Reset via Profile Update
CVSS 8.2
CVE-2012-0051 HIGH
Tahoe-LAFS 1.9.0 - Remote File Corruption via Mutable File Integrity Check Bypass
CVSS 7.4
CVE-2012-6125 CRITICAL
Chicken < 4.8.0 - Denial of Service via Hash Table Collision
CVSS 9.8
CVE-2012-6123 MEDIUM
Chicken < 4.8.0 - Improper Input Validation via NUL Byte Handling
CVSS 6.5
CVE-2012-0694 CRITICAL
SugarCRM CE <= 6.3.1 - Code Injection
CVSS 9.8
CVE-2012-5360 HIGH
FFmpeg < 0.11 - Remote Code Execution via Crafted QT File
CVSS 8.8
CVE-2012-5359 HIGH
FFmpeg < 0.11 - Remote Code Execution via Crafted ASF File
CVSS 8.8
CVE-2012-6696 CRITICAL
inspircd < 2.0.5 - Denial of Service via Unsigned Integer Handling
CVSS 9.8
CVE-2012-1301 CRITICAL
Umbraco CMS 4.7.0 - Server-Side Request Forgery via FeedProxy.aspx URL Parameter
CVSS 9.8
CVE-2012-6687
FastCGI 2.4.0 - Denial of Service via Excessive Connections
CVE-2012-6656
Debian Linux < 2.16 - Improper Input Validation
CVE-2012-5621
ekiga < 3.9.90 - Denial of Service via Invalid UTF-8 Party Name in OPAL Connection
CVE-2012-5619
The Sleuth Kit 4.0.1 - Forensic Activity Hiding via Dotfile Handling
CVE-2012-6153
Apache Commons HttpClient < 4.2.3 - Improper Certificate Hostname Validation in AbstractVerifier
CVE-2012-2682
Red Hat Enterprise MRG 2.5 - Denial of Service via Non-ASCII Character in Link Name
CVE-2012-5336
owncloud < 4.0.8 - Authenticated Arbitrary File Read via WebDAV
CVE-2012-5572
Dancer < 1.3113 - CRLF Injection via Cookie Name
CVE-2012-6647
Linux Kernel < 3.5.1 - Denial of Service via FUTEX_WAIT_REQUEUE_PI Command
CVE-2012-5723
Cisco IOS XE < 3.8S - Denial of Service via Crafted ICMP Packets
Details
Vulnerabilities 12,638
Exploit Likelihood High