CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,642 vulnerabilities with CWE-20
CVE-2009-1233
Apple Safari 3.2.2 and 4 Beta - Denial of Service via Nested A Elements in XML Document
CVE-2009-1232
Firefox <= 3.0.10 - Denial of Service via Malformed XML Document
CVE-2009-1219
Sun Java System Calendar Server 6 2004Q2-6.3-7.01 - Denial of Service via tzid Parameter
CVE-2009-0790
strongswan 2.6-2.6.20, 2.4-2.4.13, 4.2-4.2.13, 2.8-2.8.8 - Denial of Service via Crafted DPD IKE Notification Message
CVE-2009-0843
MapServer 4.x-4.10.3 and 5.x-5.2.1 - Information Disclosure via msLoadQuery Pathname Check
CVE-2009-1172
IBM WebSphere Application Server 6.1-7.0 - Improper Input Validation in JAX-RPC WS-Security UsernameToken
CVE-2009-1171
Moodle 1.6-1.6.9 1.7-1.7.7 1.8-1.8.9 1.9-1.9.5 - Arbitrary File Read via TeX Filter Input Command
CVE-2009-0845
MIT Kerberos 5 1.5-1.6.3 - Denial of Service via Invalid SPNEGO ContextFlags
CVE-2009-1149
phpMyAdmin < 3.1.3.1 - HTTP Response Splitting via BLOB Streaming CRLF Injection
CVE-2009-1106
JDK and JRE 6 Update 10-12 - Improper Input Validation in Crossdomain.xml Parser
CVE-2009-1087
PPLive < 1.9.21 - Remote Code Execution via URI Handler Argument Injection
CVE-2009-1082
Sun Java System Identity Manager 7.0-8.0 - Authenticated Privilege Escalation via Admin Console Commands
CVE-2009-1062
Adobe Acrobat and Acrobat Reader < 9.1 - Remote Code Execution via JBIG2 Image Handling
CVE-2009-1061
Adobe Acrobat Reader 7.0-7.1.1 - Remote Code Execution via JBIG2 Input Validation
CVE-2009-1045
VLC Media Player 0.9.8a - Denial of Service via Long Input Argument in requests/status.xml
CVE-2009-0927 HIGH KEV
Adobe Acrobat Reader 7.0-7.1.1 - Remote Code Execution via Collab.getIcon Method
CVSS 8.8
CVE-2009-0661
WeeChat 0.2.6 - Denial of Service via Crafted IRC PRIVMSG Color Codes
CVE-2009-0912
Mandriva Multi Network Firewall - Privilege Escalation via Configuration File String Handling
CVE-2009-0582
Evolution Data Server <2.24.5 & <2.25.x - Info Disclosure/DoS
CVE-2009-0016
Apple iTunes < 8.1 - Denial of Service via DAAP Content-Length Header
CVE-2009-0879
IBM Director < 5.20.3 - Denial of Service via Long Consumer Name
CVE-2009-0871
Asterisk 1.4.22-1.4.23.1, 1.6.0 < 1.6.0.6, 1.6.1 < 1.6.1.0-rc2, and Business Edition C.2.3 - DoS via SIP INVITE
CVE-2009-0234
Windows DNS Server - Info Disclosure
CVE-2009-0233
Windows DNS Server - Info Disclosure
CVE-2009-0093
Windows DNS Server - Man-in-the-Middle
Details
Vulnerabilities 12,642
Exploit Likelihood High