CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2011-1443
Google Chrome < 11.0.696.57 - Denial of Service via Stale Pointers
CVE-2011-1442
Google Chrome < 11.0.696.57 - Denial of Service via Mutation Event Handling
CVE-2011-1438
Google Chrome < 11.0.696.57 - Same Origin Policy Bypass via Blob Handling
CVE-2011-1436
Google Chrome < 11.0.696.57 - Denial of Service via X Window System Interaction
CVE-2011-1434
Google Chrome < 11.0.696.57 - Denial of Service via MIME Data Handling
CVE-2011-1303
Google Chrome < 11.0.696.57 - Denial of Service via Stale Pointer in Floating Object Handling
CVE-2011-1739
FreeBSD 7.4-8.2 - Unauthenticated Access Restriction Bypass via NFS Mount Request
CVE-2011-1538
HP Proliant Support Pack <8.7 - Open Redirect
CVE-2011-1495
Linux kernel <2.6.38 - Privilege Escalation
CVE-2011-1842
D-Bus backend - Privilege Escalation
CVE-2011-1718
CA SiteMinder <R6 SP6 CR2/R12 SP3 CR2 - Privilege Escalation
CVE-2011-1599
Asterisk < 1.4.40.1, 1.6.1.25, 1.6.2.17.3, 1.8.3.3, C.3.6.4 - Remote Command Execution via Manager Interface
CVE-2011-1580
MediaWiki < 1.16.3 - Authenticated Privilege Escalation via Transwiki Import
CVE-2011-1579
MediaWiki < 1.16.3 - Cross-Site Scripting via CSS Comment Hex Encoding
CVE-2011-0285
MIT Kerberos 5 1.7-1.9 - Remote Code Execution via Crafted Password Change Request
CVE-2011-0661
Microsoft Windows SMB Server - Remote Code Execution via Malformed SMB Request
CVE-2011-0660
Microsoft Windows - Remote Code Execution via Crafted SMB Response
CVE-2011-0657 CRITICAL
Microsoft Windows DNS Client - Remote Code Execution via Crafted DNS Query
CVSS 9.8
CVE-2011-0656
Microsoft PowerPoint - Remote Code Execution via Malformed PersistDirectoryEntry Record
CVE-2011-0655
Microsoft PowerPoint 2007 SP2 and 2010 - Remote Code Execution via TimeColorBehaviorContainer Record
CVE-2011-0996
dhcpcd < 5.2.10 - Remote Code Execution via Shell Metacharacters in DHCP Hostname
CVE-2011-1679
ncpfs <= 2.2.6 - Local File Corruption via RLIMIT_FSIZE Resource Limit Bypass
CVE-2011-1678
Samba < 3.5.8 - Local File Corruption via Resource Limit Bypass
CVE-2011-1163
Linux Kernel < 2.6.38 - Information Disclosure via OSF Partition Table Parsing
CVE-2011-0463
Linux Kernel < 2.6.39-rc1 - Information Disclosure in OCFS2 Hole Handling
Details
Vulnerabilities 12,638
Exploit Likelihood High