CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2012-4623
Cisco IOS 12.2-15.2 & IOS XE 2.1.x-3.3.xSG DoS via Malformed DHCPv6 Packet
CVE-2012-4617
Cisco IOS, IOS XE, and IOS XR - Denial of Service via Malformed BGP Attribute
CVE-2012-3949
Cisco Unified Communications Manager DoS via Crafted SIP Message
CVE-2012-2882
Google Chrome < 22.0.1229.79 - Denial of Service via OGG Container Handling
CVE-2012-2877
Google Chrome < 22.0.1229.79 - Denial of Service via Extension Modal Dialog Handling
CVE-2012-1103
notmuch < 0.11.1 - Arbitrary File Read via MML Tag Handling in Emacs Interface
CVE-2012-4655
Cisco Secure Desktop <3.6.6020 - RCE
CVE-2012-3451
Apache CXF < 2.4.9, 2.5.x < 2.5.5, 2.6.x < 2.6.2 - Remote Code Execution via SOAP Action Header
CVE-2012-3719
macOS < 10.7.5 - Remote Code Execution via Embedded Web Plugins in Mail
CVE-2012-4999
Mercury MR804 Router <8.0.3.8.1 Build - DoS
CVE-2012-4001
mod_pagespeed < 0.10.22.6 - Server-Side Request Forgery via Host Name Verification Bypass
CVE-2012-4922
Tor <0.2.2.39, 0.2.3.x <0.2.3.22-rc - DoS
CVE-2012-3572
OSCC MyMeeting < 3.0.1 and MyMesyuarat 09b-1 - Authenticated Remote Code Execution via Document Upload
CVE-2012-2981
Webmin < 1.590 - Authenticated Remote Code Execution via Monitor Type Name Parameter
CVE-2012-4388
PHP 5.4.0RC2-5.4.0 - HTTP Response Splitting via Carriage Return Bypass
CVE-2012-1108
TagLib < 1.7 - Denial of Service via Crafted Ogg VendorLength Field
CVE-2012-3540
OpenStack Horizon Essex (2012.1) - Open Redirect via Login Next Parameter
CVE-2012-1608
TYPO3 4.4.0-4.4.13 4.5.0-4.5.13 4.6.0-4.6.6 4.7 6.0 - Cross-Site Scripting Bypass via Non-Printable Characters
CVE-2012-3325
IBM WebSphere Application Server 6.1.x-8.5.x - Privilege Escalation
CVE-2012-2104
Munin 2.x - Remote Code Execution via Terminal Emulator Escape Sequence Injection
CVE-2012-1177
libgdata < 0.10.1 - Improper SSL Certificate Validation
CVE-2012-3485
Tunnelblick < 3.3beta20 - Privilege Escalation via argv[0] Pathname Manipulation
CVE-2012-4672
Apple iChat Server - Info Disclosure
CVE-2012-4671
psyced < 20120821 - Domain Spoofing via XMPP Server Dialback Response
CVE-2012-4670
Tigase XMPP Server < 5.1.0 - Domain Spoofing via Unverified Server Dialback Response
Details
Vulnerabilities 12,638
Exploit Likelihood High