CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2011-2512
qemu-kvm < 0.14.0 - Denial of Service via Negative Virtqueue Number
CVE-2011-1751
qemu - Denial of Service via PIIX4 Power Management PCI-ISA Bridge Unplug
CVE-2011-4409
Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS - SSL Certificate Validation Bypass
CVE-2011-3363 MEDIUM
Linux Kernel < 2.6.39 - Denial of Service via CIFS DFS Referral Handling
CVSS 6.5
CVE-2011-2518
Linux Kernel < 2.6.39.2 - Denial of Service via TOMOYO Mount ACL NULL Device Name
CVE-2011-3097
Google Chrome < 19.0.1084.45 - Denial of Service via PDF Sampled Function Out-of-Bounds Write
CVE-2011-3095
Google Chrome < 19.0.1084.45 - Denial of Service via OGG Container Out-of-Bounds Write
CVE-2011-3094
Google Chrome < 19.0.1084.45 - Denial of Service via Tibetan Text Handling
CVE-2011-3093
Google Chrome < 19.0.1084.45 - Denial of Service via Glyph Handling
CVE-2011-3092
Google Chrome < 19.0.1084.45 - Denial of Service via Regex Implementation
CVE-2011-4231
Cisco IOS 15.1-15.2 and IOS XE 3.x - Authenticated Denial of Service via IPsec X.509 Certificate Handling
CVE-2011-4016
Cisco IOS 12.2, 15.0-15.2 - Denial of Service via Crafted PPP Network Traffic
CVE-2011-4015
Cisco IOS 15.2S - Denial of Service via Malformed UDP Traffic on Port 465
CVE-2011-4007
Cisco IOS 15.0-15.1 and IOS XE 3.x - Denial of Service via MPLS Experimental Imposition Command
CVE-2011-4006
Cisco Adaptive Security Appliance Software 8.2-8.5 - Denial of Service via ESMTP Inspection
CVE-2011-3295
Cisco IOS XR 3.8-4.1 - Denial of Service via Crafted Network Traffic
CVE-2011-3285
Cisco Adaptive Security Appliance Software 8.0-8.4 - HTTP Response Splitting via CRLF Injection
CVE-2011-3283
Cisco Carrier Routing System 3.9.1 - Denial of Service via Fragmented GRE Packet
CVE-2011-2586
Cisco IOS 12.4 and 15.0 - Denial of Service via Malformed HTTP Response
CVE-2011-2583
Cisco Unified Contact Center Express 8.0 and 8.5 - Denial of Service via Network Traffic
CVE-2011-5086
Unitronics UniOPC < 1.3.8 - Denial of Service or Remote Code Execution via Crafted Website
CVE-2011-4871
OPC Systems.NET < 4.0 - Denial of Service via Malformed .NET RPC Packet
CVE-2011-4883
atvise webMI2ADS < 2.0.2 - Denial of Service via HTTP Request Validation Bypass
CVE-2011-3063
Google Chrome < 18.0.1025.142 - Improper Input Validation in Navigation Requests
CVE-2011-4818
IBM Maximo Asset Management 6.2, 7.1, 7.5 Open Redirect via uisessionid
Details
Vulnerabilities 12,638
Exploit Likelihood High