CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2011-4415
Apache HTTP Server 2.0.x-2.0.64 and 2.2.x-2.2.21 - Denial of Service via mod_setenvif SetEnvIf Directive
CVE-2011-3872
Puppet 2.6.x < 2.6.12 and 2.7.x < 2.7.6 - Certificate Spoofing via X.509 Subject Alternative Name Field
CVE-2011-3886
Google V8 - Denial of Service via Out-of-Bounds Write
CVE-2011-3884
Google Chrome < 15.0.874.102 - Denial of Service via DOM Traversal Timing Issue
CVE-2011-3880
Google Chrome <15.0.874.102 - Info Disclosure
CVE-2011-3875
Google Chrome < 15.0.874.102 - URL Bar Spoofing via Drag and Drop
CVE-2011-2845
Google Chrome < 15.0.874.102 - URL Bar Spoofing via History Data Handling
CVE-2011-2058 HIGH
Cisco IOS 12.2 < 12.2(33)SXI7 - Denial of Service via External Loop in cat6000-dot1x Component
CVSS 7.5
CVE-2011-2057 HIGH
Cisco IOS 12.2 < 12.2(33)SXI7 - Denial of Service via Spanning Tree Protocol BPDU Frame Storm
CVSS 7.5
CVE-2011-4063
Asterisk Open Source <1.8.7.1, <10.0.0-rc1 - DoS
CVE-2011-4151
MIT Kerberos 5 1.8-1.8.4 - Denial of Service via KDC Lockout Audit Function
CVE-2011-1529
MIT Kerberos 5 1.8-1.8.4 and 1.9-1.9.1 - Denial of Service via KDC Lockout Policy Lookup
CVE-2011-1528
MIT Kerberos 5 <1.8.4, <1.9.1 - DoS
CVE-2011-1527
MIT Kerberos 5 1.9-1.9.1 - Denial of Service via Incorrect Realm Case in KDC LDAP Plugin
CVE-2011-4139
Django <1.2.7 & <1.3.1 - Cache Poisoning
CVE-2011-4138
Django < 1.2.7 and 1.3.x < 1.3.1 - Server-Side Request Forgery via URLField Redirect Handling
CVE-2011-4136
Django <1.2.7 & <1.3.1 - Info Disclosure
CVE-2011-3227
Mac OS X < 10.7.2 - Remote Code Execution or Denial of Service via Crafted CRL Extension
CVE-2011-2012
Microsoft Forefront Unified Access Gateway 2010 - Denial of Service via Session Cookie Validation
CVE-2011-2008
Microsoft Host Integration Server 2004 SP1, 2006 SP1, 2009, 2010 - Denial of Service via Crafted TCP or UDP Traffic
CVE-2011-2007
Microsoft Host Integration Server 2004 SP1, 2006 SP1, 2009, 2010 - Denial of Service via Crafted TCP or UDP Traffic
CVE-2011-2002
Windows Vista SP2, Windows Server 2008 SP2/R2/R2 SP1, Windows 7 Gold/SP1 - Denial of Service via TrueType Font Handling
CVE-2011-1997
Microsoft Internet Explorer 6 - RCE
CVE-2011-3368
Apache HTTP Server 1.3.x-1.3.42, 2.0.x-2.0.64, 2.2.x-2.2.21 SSRF via Malformed URI with @
CVE-2011-1159
acpid < 2.0.9 - Denial of Service via Unread Socket Connection
Details
Vulnerabilities 12,638
Exploit Likelihood High