CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,638 vulnerabilities with CWE-20
CVE-2010-4548
IBM Lotus Notes Traveler < 8.5.1.2 - Authenticated Denial of Service via Meeting Invitation Acceptance
CVE-2010-3960
Microsoft Windows Server 2008 - Denial of Service via VMBus Encapsulated Packet
CVE-2010-3944
Windows 7 and Windows Server 2008 - Privilege Escalation via win32k.sys Input Validation
CVE-2010-3338
Windows Task Scheduler - Privilege Escalation via Security Context Mismanagement
CVE-2010-2571
Microsoft Publisher 2002 SP3 and 2003 SP3 - Remote Code Execution via Crafted Publisher 97 File
CVE-2010-4396
RealPlayer 11.0-11.1 and RealPlayer SP 1.0-1.1.5 - Cross-Zone Scripting via HandleAction Method
CVE-2010-4388
RealPlayer 11.0-11.1 and RealPlayer SP 1.0-1.1.5 - Remote Code Execution via HTML Component Injection
CVE-2010-4384
RealPlayer 11.0-11.1 - Remote Code Execution via Malformed Media Properties Header
CVE-2010-3774
Firefox < 3.5.16 and 3.6.x < 3.6.13 - Location Bar Spoofing via about:neterror and about:certerror Pages
CVE-2010-3768
Firefox < 3.5.16 and 3.6.x < 3.6.13 - Remote Code Execution via Malicious @font-face CSS Rules
CVE-2010-4171
SystemTap 1.3 - Denial of Service via Arbitrary Kernel Module Unloading
CVE-2010-4297
VMware Workstation/Player/Fusion/ESXi/ESX Command Injection via VMware Tools Update
CVE-2010-4254
Mono with Moonlight < 2.3.0 - Remote Code Execution via Generic Method Argument Validation Bypass
CVE-2010-3614
ISC BIND DNSSEC Validation Error DoS (9.x < 9.6.2-P3, 9.7.x < 9.7.2-P3, 9.4-ESV < 9.4-ESV-R4, 9.6-ESV < 9.6-ESV-R3)
CVE-2010-3827
iPhone OS < 4.2 - Configuration Profile Spoofing via Signature Validation Bypass
CVE-2010-2963
Linux Kernel <2.6.36 - Privilege Escalation
CVE-2010-2962
Linux Kernel <2.6.36 - Privilege Escalation
CVE-2010-3432
Linux Kernel < 2.6.35.6 - Denial of Service via SCTP Packet Handling
CVE-2010-3788
QuickTime in Mac OS X 10.6.x < 10.6.5 - Remote Code Execution via JP2 Image Processing
CVE-2010-1845
Apple Mac OS X 10.5.8 and 10.6.x < 10.6.5 - Remote Code Execution or Denial of Service via Crafted PSD Image
CVE-2010-1844
Apple Mac OS X 10.6.x < 10.6.5 - Denial of Service via Crafted Image
CVE-2010-1843
Mac OS X 10.6.2-10.6.4 - Denial of Service via Crafted PIM Packet
CVE-2010-1841
Apple Mac OS X 10.5.8 and 10.6.x < 10.6.5 - Remote Code Execution via Crafted UDIF Image
CVE-2010-1834
Mac OS X 10.6.x < 10.6.5 - Cookie Domain Validation Bypass
CVE-2010-1828
Mac OS X 10.5.8 and 10.6.x < 10.6.5 - Denial of Service via AFP Server Reconnect Authentication Packets
Details
Vulnerabilities 12,638
Exploit Likelihood High