CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2012-0267
ntr_activex_control < 1.1.8 - Remote Code Execution via StopModule lModule Parameter
CVE-2011-20001 HIGH
SIMATIC S7-1200 CPU V1 and V2 families < V2.0.3 - Unauthenticated Denial of Service via Malformed HTTP Traffic
CVSS 7.5
CVE-2011-10020 HIGH
Kaillera Server < 0.86 - Unauthenticated Denial of Service via Malformed UDP Packet
CVE-2011-10008 HIGH
MPlayer Lite r33064 - Buffer Overflow
CVE-2011-4124 CRITICAL
calibre - Argument Injection and Privilege Escalation via linux_mount_helper.c
CVSS 9.8
CVE-2011-0220 MEDIUM
Apple Bonjour < 2011 - Denial of Service via Crafted Multicast DNS Packet
CVSS 5.5
CVE-2011-3611 HIGH
UseBB < 1.0.12 - Local File Inclusion via admin.php act Parameter
CVSS 7.2
CVE-2011-3203 CRITICAL
Jcow CMS 4.0-4.2 and 5.2 - Remote Code Execution via Attachment Parameter
CVSS 9.8
CVE-2011-4310 HIGH
CMS Made Simple < 1.9.4.3 - News Module Article Corruption via Improper Input Validation
CVSS 7.5
CVE-2011-4120 CRITICAL
Yubico PAM Module <2.10 - Auth Bypass
CVSS 9.8
CVE-2011-0529 HIGH
weborf < 0.12.5 - Denial of Service via Malformed HTTP Fields
CVSS 7.5
CVE-2011-1028 CRITICAL
Smarty 3.0.0-3.0.6 - Remote Code Execution via $smarty.template Variable
CVSS 9.8
CVE-2011-2922 HIGH
ktsuss < 1.4 - Privilege Escalation via GTK_MODULES Environment Variable
CVSS 7.8
CVE-2011-4968 MEDIUM
nginx - Man-in-the-Middle Attack via HTTP Proxy Module
CVSS 4.8
CVE-2011-4967 HIGH
tog-pegasus < 2.12 - Denial of Service via Package Hash Collision
CVSS 7.5
CVE-2011-0703 CRITICAL
gksu-polkit < 0.0.3 - Arbitrary Command Execution via xauth Source File
CVSS 9.8
CVE-2011-2897 CRITICAL
gdk-pixbuf <= 2.31.1 - Buffer Overflow in GIF Loader
CVSS 9.8
CVE-2011-2808 MEDIUM
Blink < M13 - Stale Layout Root Use-After-Free in Keygen Autofocus Handling
CVSS 6.5
CVE-2011-4904 MEDIUM
TYPO3 < 4.4.9 and 4.5.x < 4.5.4 - Unauthenticated Information Disclosure via ExtDirect Endpoint
CVSS 6.5
CVE-2011-4902 MEDIUM
TYPO3 < 4.3.12, 4.4.x < 4.4.9, 4.5.x < 4.5.4 - Arbitrary File Deletion
CVSS 6.5
CVE-2011-4182 HIGH
SUSE Linux Enterprise <0.83.7-2.1 - RCE
CVSS 7.3
CVE-2011-4181 HIGH
SUSE Open Build Service <2.1.15, <2.3 - Info Disclosure
CVSS 7.5
CVE-2011-0704 MEDIUM
389 Directory Server 1.2.7.5 - Denial of Service via Empty Modify Request
CVSS 5.9
CVE-2011-3477 MEDIUM
Symantec Backup Exec System Recovery 8.5 and BESR 2010 - Denial of Service via GEAR Software CD DVD Filter Driver
CVSS 5.5
CVE-2011-2902 MEDIUM
xpdf < 3.02-19 - Arbitrary File Deletion via Insecure Temporary File Handling
CVSS 5.3
Details
Vulnerabilities 12,638
Exploit Likelihood High