CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2011-3004
Firefox 4.x-6 and SeaMonkey < 2.4 - Privilege Escalation via JSSubScriptLoader XPCNativeWrapper Unwrapping
CVE-2011-2430
Adobe Flash Player < 10.3.183.10 - Remote Code Execution via Crafted Streaming Media
CVE-2011-2428
Adobe Flash Player < 10.3.183.10 - Remote Code Execution
CVE-2011-3484
Wireshark 1.6.x < 1.6.2 - Denial of Service via OpenSafety Dissector Frame Size Validation
CVE-2011-2861
Google Chrome < 14.0.835.163 - Remote Code Execution via PDF String Handling
CVE-2011-2848
Google Chrome < 14.0.835.163 - URL Bar Spoofing via Forward Button
CVE-2011-2842
Google Chrome < 14.0.835.163 - Unspecified Impact via Lock File Handling
CVE-2011-2841
Google Chrome < 14.0.835.163 - Denial of Service via PDF Garbage Collection
CVE-2011-2840
Google Chrome < 14.0.835.163 - URL Bar Spoofing via Unusual User Interaction
CVE-2011-2838
Google Chrome < 14.0.835.163 - Improper Input Validation in Plug-in MIME Type Handling
CVE-2011-3496
Measuresoft ScadaPro <4.0.0 - Command Injection
CVE-2011-3211
Bcfg2 < 1.1.2 - Remote Code Execution via Shell Metacharacter Injection
CVE-2011-2442
Adobe Acrobat Reader 8.x-8.3.0, 9.x-9.4.5, 10.x-10.1.0 - Remote Code Execution
CVE-2011-1989
Microsoft Excel <2011 - Info Disclosure
CVE-2011-1982
Microsoft Office 2007 SP2 and 2010 Gold/SP1 - Remote Code Execution via Crafted Word Document
CVE-2011-3422
Apple Mac OS X <10.6.8 - Man-In-The-Middle
CVE-2011-2724
Samba < 3.5.10 - Denial of Service via Improper Input Validation in check_mtab Function
CVE-2011-2660
vpnc < 0.5.1 - Remote Code Execution via DNS Domain Name
CVE-2011-2723
Linux Kernel < 2.6.39.4 - Denial of Service via GRO Header Field Reset
CVE-2011-2654
Novell Cloud Manager < 1.1.2 - Remote Code Execution via RPC Session Initialization
CVE-2011-3387
IBM Java 1.4.2 SR13 FP9 - Denial of Service via Crafted Class File Attribute Length
CVE-2011-2763
LifeSize Room Appliance Software - Remote Code Execution via gateway.php LSRoom_Remoting.doCommand
CVE-2011-2899
system-config-printer 0.6.x-0.7.x - Remote Code Execution via SMB NetBIOS or Workgroup Name
CVE-2011-0228
iPhone OS < 4.2.10 and 4.3.x < 4.3.5 - Man-in-the-Middle Attack via Improper X.509 Certificate Chain Validation
CVE-2011-3187
Ruby on Rails 3.0.5 - Improper Input Validation in X-Forwarded-For Header
Details
Vulnerabilities 12,638
Exploit Likelihood High