CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2012-3691
Safari < 6.0 - Same Origin Policy Bypass via CSS Property Handling
CVE-2012-3689
Apple Safari < 6.0 - Same Origin Policy Bypass via Drag-and-Drop Event Handling
CVE-2012-3817
ISC BIND 9.4.x-9.7.6-P1, 9.8.x-9.8.3-P1, 9.9.x-9.9.1-P1, 9.6-ESV-R7-P1 - Denial of Service via DNSSEC Validation Cache
CVE-2012-0867
PostgreSQL <8.4.11, <9.0.7, <9.1.3 - Info Disclosure
CVE-2012-2140
Mail gem < 2.4.3 - Remote Code Execution via Shell Metacharacters in Sendmail/Exim Delivery
CVE-2012-1961
Firefox 4.x-13.0 and ESR 10.x - Clickjacking via Duplicate X-Frame-Options Header Handling
CVE-2012-4032
WebsitePanel < 1.2.2.1 - Open Redirect via ReturnUrl Parameter
CVE-2012-3371
OpenStack Compute Folsom/Essex (2012.2/2012.1) - DoS via Scheduler Hints
CVE-2012-0801
Moodle <2.1.4 & <2.2.1 - Info Disclosure
CVE-2012-0795
Moodle 1.9.x < 1.9.16, 2.0.x < 2.0.7, 2.1.x < 2.1.4, 2.2.x < 2.2.1 - Authenticated Email Address Validation Bypass
CVE-2012-4026
Johnson Controls Pegasys P2000 Server Software < 3.11 - False Alert Injection via TCP Port 41013
CVE-2012-2279
RSA Authentication Manager < 7.1 SP4 P14 and RSA SecurID Appliance < 3.0 SP4 P14 - Open Redirect
CVE-2012-3399
Basilic 1.5.14 - Remote Command Execution via Config/diff.php File Parameter
CVE-2012-1893
Windows 7 and Windows Server 2008 - Privilege Escalation via Win32k.sys Callback Parameter Validation
CVE-2012-1890
Windows win32k.sys - Local Privilege Escalation via Keyboard Layout File Handling
CVE-2012-1862
Microsoft SharePoint Server 2007 SP2 and SP3 - Open Redirect via Crafted URL
CVE-2012-2318
Pidgin < 2.10.4 - Denial of Service via MSN Protocol Text/Plain Message
CVE-2012-1147
Apple Mac OS X < 2.0.1 - Improper Input Validation
CVE-2012-2825
Google Chrome < 20.0.1132.43 - Denial of Service via XSL Implementation
CVE-2012-2820
Google Chrome < 20.0.1132.43 - Denial of Service via SVG Filter Out-of-Bounds Read
CVE-2012-2819
Google Chrome < 20.0.1132.43 - Denial of Service via WebGL texSubImage2D Floating-Point Texture Upload
CVE-2012-2727
Janrain Capture <7.x-1.0 - Open Redirect
CVE-2012-2705
Drupal Smart Breadcrumb <6.x-1.3 - XSS
CVE-2012-2654
OpenStack Compute - Privilege Escalation
CVE-2012-2496
Cisco AnyConnect Secure Mobility Client 3.x - Remote Code Execution via WebLaunch Java Applet
Details
Vulnerabilities 12,638
Exploit Likelihood High