CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2012-0738
IBM Security AppScan Enterprise < 8.6.0.2 & Rational Policy Tester < 8.5.0.3 - MITM via Unvalidated X.509 Certificates
CVE-2012-2669
Linux Kernel <3.4.5 - Local Privilege Escalation
CVE-2012-5643
Squid <3.1.22-3.3.0.2 - Memory Corruption
CVE-2012-5968
Huawei E585 - Unauthenticated Sensitive Information Exposure and Session Hijacking
CVE-2012-4348
Symantec Endpoint Protection 11.0 < RU7-MP3 and 12.1 < RU2 - Authenticated Remote Code Execution via PHP Script Input
CVE-2012-5610
owncloud < 4.0.9 and 4.5.x < 4.5.2 - Authenticated Remote Code Execution via Crafted Filename
CVE-2012-5513
Xen < 4.2.0 - Denial of Service via XENMEM_exchange Handler
CVE-2012-2549
Windows Server 2008 R2 and 2012 - Revoked Certificate Bypass via IP-HTTPS Server
CVE-2012-6301
Android 4.0.3 - Denial of Service via Crafted Market URI in IFRAME
CVE-2012-5688
ISC BIND 9.8.x < 9.8.4-P1 and 9.9.x < 9.9.2-P1 - Denial of Service via Crafted DNS64 Query
CVE-2012-6062
Wireshark 1.6.x < 1.6.12 and 1.8.x < 1.8.4 - Denial of Service via RTCP Dissector Infinite Loop
CVE-2012-6059
Wireshark 1.6.x < 1.6.12 and 1.8.x < 1.8.4 - Denial of Service via ISAKMP Dissector
CVE-2012-4982
Forescout CounterACT <7.0 - Open Redirect
CVE-2012-4609
EMC RSA NetWitness Informer <2.0.5.6 - CSRF
CVE-2012-5534
WeeChat 0.3.0-0.3.9.1 - Remote Code Execution via Plugin Command Shell Expansion
CVE-2012-4222
Android 2.3-4.2 - Denial of Service via kgsl_ioctl NULL Pointer Dereference
CVE-2012-5136
Google Chrome < 23.0.1271.91 - Denial of Service via INPUT Element Handling
CVE-2012-6044
M-Player 0.4 - Denial of Service via Crafted MP3 File
CVE-2012-5520
OpenVAS Manager <3.0.4 - Command Injection
CVE-2012-4538
Xen 4.0-4.2 - Denial of Service via HVMOP_pagetable_dying Hypercall
CVE-2012-2246
Mahara 1.4.x < 1.4.5 and 1.5.x < 1.5.4 - Clickjacking and CSRF Bypass via Account Deletion
CVE-2012-0960
Unity-firefox-extension <2.4.1 - DoS/Code Injection
CVE-2012-6035
Xen 4.0-4.2 - Memory Corruption and Arbitrary Code Execution via TMEM Pool ID Validation
CVE-2012-6034
Xen 4.0-4.2 - Memory Corruption and Arbitrary Code Execution via TMEM Buffer Pointer Handling
CVE-2012-6031
Xen 4.0-4.2 - Denial of Service via TMEM do_tmem_get Spinlock Hang
Details
Vulnerabilities 12,638
Exploit Likelihood High