CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2011-1204
Google Chrome < 10.0.648.127 - Denial of Service via Crafted Document Attributes
CVE-2011-1197
Google Chrome < 10.0.648.127 - Denial of Service via Table Painting Stale Pointer
CVE-2011-1186
Google Chrome < 10.0.648.127 - Denial of Service via Parallel Print Method Calls
CVE-2011-0042 HIGH
Windows Media Player and Media Center - Remote Code Execution via Crafted DVR-MS File
CVSS 7.8
CVE-2011-1320
IBM WAS 6.1.0.x-7.0.0.15 - Info Disclosure
CVE-2011-1309
IBM Websphere Application Server - Improper Input Validation
CVE-2011-0051
Mozilla Firefox <3.5.17 & 3.6.x <3.6.14 - CSRF
CVE-2011-1118
Google Chrome < 9.0.597.107 - Denial of Service via TEXTAREA Element Handling
CVE-2011-1111
Google Chrome < 9.0.597.107 - Denial of Service via Forms Controls
CVE-2011-1110
Google Chrome < 9.0.597.107 - Use-After-Free via Stale Pointer in Key Frame Handling
CVE-2011-1109
Google Chrome < 9.0.597.107 - Denial of Service via CSS Stylesheet Node Processing
CVE-2011-1016
Linux Kernel < 2.6.38 - Arbitrary Memory Write via Radeon GPU AA Resolve Registers
CVE-2011-0925
Cisco Secure Desktop - Remote Code Execution via CSDWebInstallerCtrl ActiveX Control
CVE-2011-1018
Logwatch 7.3.6 - Remote Code Execution via Shell Metacharacters in Log File Name
CVE-2011-0926
Cisco Secure Desktop - Remote Code Execution via Spoofed CSD Installation Process
CVE-2011-0037
Microsoft Malware Protection Engine <1.1.6603.0 - Privilege Escalation
CVE-2011-1068
Microsoft Windows Azure SDK 1.3.x - Information Disclosure via Cookie State Handling
CVE-2011-1067
389 Directory Server < 1.2.8 - Denial of Service via Simple Paged Results Connections
CVE-2011-0019
389 Directory Server <1.2.7.5 - DoS
CVE-2011-1000
Telepathy Gabble 0.8-0.10.5 and 0.11-0.11.7 - Remote Audio and Video Call Interception via Crafted JingleInfo Stanza
CVE-2011-0721
shadow - CRLF Injection in chfn and chsh GECOS Field
CVE-2011-0431
OpenAFS - Denial of Service via afs_linux_lock Error Handling
CVE-2011-0987
phpMyAdmin 2.11.x < 2.11.11.3 and 3.3.x < 3.3.9.2 - Authenticated SQL Injection via Bookmark Query
CVE-2011-0986
phpMyAdmin 2.11.x < 2.11.11.2 and 3.3.x < 3.3.9.1 - Installation Path Disclosure via Missing File Request
CVE-2011-0983
Google Chrome < 9.0.597.94 - Denial of Service via Stale Pointer in Anonymous Block Handling
Details
Vulnerabilities 12,638
Exploit Likelihood High