CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2011-1130
Simplemachines Smf < 1.1.12 - Improper Input Validation
CVE-2011-2118
Adobe Shockwave Player <11.6.0.626 - RCE
CVE-2011-2093
Adobe LiveCycle Data Services <3.1 - DoS
CVE-2011-2092
Adobe LiveCycle Data Services <3.1 - Deserialization
CVE-2011-1873
Windows 7 and Windows Server 2008 - Remote Code Execution via OpenType Font Parsing
CVE-2011-1272
Microsoft Excel 2002/2003/2007, Office 2004/2008 for Mac - RCE via Crafted Spreadsheet
CVE-2011-1268
Microsoft Windows SMB Client - Remote Code Execution via Crafted SMB Response
CVE-2011-0664
Microsoft .NET Framework/Silverlight RCE via Unvalidated Networking API Arguments
CVE-2011-2332
Google Chrome < 12.0.742.91 - Same Origin Policy Bypass via V8
CVE-2011-1813
Google Chrome < 12.0.742.91 - Denial of Service via Stale Pointer in Extension Framework
CVE-2011-1811
Google Chrome < 12.0.742.91 - Denial of Service via Excessive Form Submissions
CVE-2011-0082
Mozilla Firefox <4.0.1 - Info Disclosure
CVE-2011-2383
Microsoft IE < 9 - Improper Input Validation
CVE-2011-2382
Microsoft IE < 8 - Improper Input Validation
CVE-2011-2040
Cisco AnyConnect <2.5.3041, 3.0.x <3.0.629 - RCE
CVE-2011-2039
Cisco AnyConnect Secure Mobility Client <2.3.185 - RCE
CVE-2011-0730
Eucalyptus < 2.0.3 - Remote Code Execution via SOAP Request Signature Replay
CVE-2011-0546
Symantec Backup Exec 11.0-13.0 R2 - Unauthenticated NDMP Command Execution via Man-in-the-Middle
CVE-2011-1775
TigerVNC 1.1beta1 - Man-in-the-Middle
CVE-2011-1804
Google Chrome < 11.0.696.71 - Use-After-Free in Float Rendering
CVE-2011-1581
Linux Kernel < 2.6.39 - Denial of Service via Improper Queue Index Handling in Bonding Driver
CVE-2011-2170
Google Chrome OS <R12.433.38 - Info Disclosure
CVE-2011-1929
Dovecot 1.2.x < 1.2.17 and 2.0.x < 2.0.13 - Denial of Service via Null Character in Email Header
CVE-2011-0418
Pure-FTPd < 1.0.32 - Authenticated Denial of Service via Glob Expression Expansion
CVE-2011-2160
FFmpeg < 0.5.4 - Unspecified Impact via VC-1 Decoding
Details
Vulnerabilities 12,638
Exploit Likelihood High