CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2012-4669
M-Link R14.6-R14.6v14 and R15.1-R15.1v10 - Domain Spoofing via XMPP Server Dialback Response
CVE-2012-3525
jabberd2 <= 2.2.16 - Domain Spoofing via Unverified XMPP Server Dialback Response
CVE-2012-3301
IBM Lotus Domino <8.5.4 - CRLF Injection
CVE-2012-0853
FFmpeg 0.7.x < 0.7.12 and 0.8.x < 0.8.11 - Denial of Service via Atrac3 Codec Component Count
CVE-2012-4359
Sielco Sistemi Winlog Pro < 2.07.18 - Denial of Service via Crafted TCP Packet
CVE-2012-4358
Winlog Pro and Winlog Lite < 2.07.17 - Denial of Service via Crafted TCP Packet
CVE-2012-4357
Winlog Pro < 2.07.17 - Remote Code Execution via Invalid File-Pointer Index
CVE-2012-4295
Wireshark 1.8.x < 1.8.2 - Denial of Service via Crafted ERF Speed Value
CVE-2012-4292
Wireshark 1.4.x-1.4.14, 1.6.x-1.6.9, 1.8.x-1.8.1 - Denial of Service in STUN Dissector
CVE-2012-1535 HIGH KEV
Adobe Flash Player < 11.3.300.271 - Remote Code Execution via Crafted SWF Content
CVSS 7.8
CVE-2012-1850
Windows 7 and Windows Server 2008 - Denial of Service via Remote Administration Protocol
CVE-2012-2096
Fivestar module for Drupal 6.x-1.x - Remote Vote Manipulation via Negative Vote Parameter
CVE-2012-2330
Node.js <0.6.17 & <0.7.8 - Info Disclosure
CVE-2012-2368
Bytemark Symbiosis <Revision 1322 - Info Disclosure
CVE-2012-2965
Caucho Quercus <4.0.29 - Info Disclosure
CVE-2012-2964
BreakingPoint Storm <3.0 - Info Disclosure
CVE-2012-2136
Linux Kernel < 3.0.37 - Denial of Service via TUN/TAP Device
CVE-2012-2191
IBM Global Security Kit < 8.0.14.22 - Denial of Service via TLS Record Layer Crafted Values
CVE-2012-3429
bind-dyndb-ldap < 1.1.0 - Denial of Service via LDAP Distinguished Name Escape
CVE-2012-2490
Cisco IP Communicator 8.6 - Man in the Middle
CVE-2012-1015
MIT Kerberos 5 <1.9.5, <1.10.3 - RCE/DoS
CVE-2012-1367
Cisco IOS 12.0 12.2 15.0-15.2 - Denial of Service via BGP UPDATE Message
CVE-2012-3443
Django < 1.3.2 and 1.4.x < 1.4.1 - Denial of Service via ImageField Decompression
CVE-2012-0723
IBM VIOS 2.2.1.4-FP-25 SP-02 and AIX 5.3, 6.1, 7.1 - Denial of Service via dupmsg System Call
CVE-2012-3696
Safari < 6.0 - HTTP Request Splitting via WebSockets URI Handling
Details
Vulnerabilities 12,638
Exploit Likelihood High