CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2011-4720
Hillstone HS TFTP Server 1.3.2 - Denial of Service via Long Filename in RRQ or WRQ Operation
CVE-2011-1798
Google Chrome < 11.0.696.64 - Denial of Service via SVG Text Element Handling
CVE-2011-1793
Google Chrome < 11.0.696.65 - Denial of Service via Crafted SVG Document
CVE-2011-4953
cobbler < 2.2.2 - Remote Code Execution via YAML Deserialization
CVE-2011-4104
Django Tastypie < 0.9.10 - Remote Code Execution via YAML Deserialization
CVE-2011-4103
Django Piston <0.2.3 or <0.2.2.1 - Code Injection
CVE-2011-2198
gnome-terminal < 0.28.0 - Denial of Service via Insert-Blank-Characters Capability
CVE-2011-4407
Software Properties <0.81.13.3 - MITM
CVE-2011-3603
Router Advertisement Daemon <1.8.2 - Privilege Escalation
CVE-2011-3195
Domain Technologie Control < 0.34.1 - Authenticated Remote Code Execution via Mailing List Tunable Options
CVE-2011-2941
Red Hat JBoss Enterprise Portal Platform < 5.2.0 - Open Redirect via initialURI Parameter
CVE-2011-1749
nfs-utils < 1.2.4 - Local File Corruption via Small RLIMIT_FSIZE Value
CVE-2011-3605
Router Advertisement Daemon <1.8.2 - DoS
CVE-2011-4092
obby - SSL Certificate Validation Bypass via Arbitrary Certificate
CVE-2011-1594 MEDIUM
Red Hat Network Satellite - Open Redirect via URL Bounce Parameter
CVSS 6.5
CVE-2011-1780
Xen 3.0.3 - Denial of Service via Instruction Emulation Race Condition
CVE-2011-1166
Xen < 4.0.1 - Denial of Service via PV Guest User Mode Execution
CVE-2011-4106
TimThumb < 2.0 - Remote Code Execution via Domain Whitelist Bypass
CVE-2011-2391
Apple iOS < 7 - Denial of Service via Crafted ICMPv6 Packets
CVE-2011-3619
Linux Kernel < 3.0 - Denial of Service via AppArmor /proc/#####/attr/current Parameter Handling
CVE-2011-4318
Dovecot 2.0.x <2.0.16 - Man-in-the-Middle
CVE-2011-4575
JBoss Enterprise Application Platform, Web Platform, and BRMS Platform < 5.3.0 - Cross-Site Scripting in JMX Console
CVE-2011-5252
Orchard 1.0.x-1.0.20, 1.1.x-1.1.30, 1.2.x-1.2.41, 1.3.x-1.3.9 - Open Redirect via ReturnUrl Parameter
CVE-2011-5251
vBulletin < 4.1.3 - Open Redirect via Login URL Parameter
CVE-2011-4612
icecast < 2.3.2 - Log Injection via Crafted URL
Details
Vulnerabilities 12,638
Exploit Likelihood High