Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-184

CWE-184

Incomplete List of Disallowed Inputs

Parent: CWE-693 - Protection Mechanism Failure

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

122 vulnerabilities with CWE-184

CVE-2021-31370 MEDIUM

Juniper Junos OS QFX5000/EX4600 <21.1R2 DoS via High-Rate Multicast Traffic

CVE-2021-25737 LOW

Kubernetes 1.16.0-1.18.18 - Unauthenticated Private Network Traffic Redirection via EndpointSlice IP Validation Bypass

CVE-2021-25631 HIGH

LibreOffice <7.1.2 & <7.0.5 - Code Injection

CVE-2021-1135 MEDIUM

Cisco Data Center Network Manager < 11.4(1) - Authenticated Unauthorized Data Access via REST API

CVE-2021-1255 MEDIUM

Cisco Data Center Network Manager < 11.4(1) - Authenticated REST API Authorization Bypass

CVE-2021-1133 MEDIUM

Cisco Data Center Network Manager < 11.4(1) - Authenticated REST API Authorization Bypass

CVE-2020-14372 HIGH

GRUB2 < 2.06 - Secure Boot Bypass via ACPI Table Injection

CVE-2020-3384 HIGH

Cisco Data Center Network Manager < 11.4(1) - Authenticated OS Command Injection via REST API

CVE-2020-5253 LOW

NetHack < 3.6.0 - Arbitrary Code Execution via Configuration File Escape Sequence

CVE-2019-9212 CRITICAL

SOFA-Hessian < 4.0.2 - Remote Code Execution via Hessian Deserialization

CVE-2018-16863 HIGH

Ghostscript 9.07 - Remote Code Execution via PostScript Document

CVE-2018-7489 CRITICAL

jackson-databind < 2.7.9.3, 2.8.0-2.8.11.1, < 2.9.5 - Remote Code Execution via Deserialization Bypass

CVE-2018-6383 HIGH

Monstra CMS < 3.0.4 - Authenticated Remote Code Execution via .pht or .phar File Upload

CVE-2018-5968 HIGH

FasterXML jackson-databind <2.8.11, 2.9.x<2.9.3 - RCE

CVE-2017-2602 LOW

Jenkins <2.44, 2.32.2 - Info Disclosure

CVE-2017-7525 CRITICAL

jackson-databind <2.6.7.1, <2.7.9.1, <2.8.9 - Code Injection

CVE-2017-15095 CRITICAL

jackson-databind <2.8.10, 2.9.1 - Code Injection

CVE-2017-0909 CRITICAL

Private_address_check <0.4.1 - SSRF

CVE-2017-7540 CRITICAL

rubygem-safemode <1.3.2 - Privilege Escalation

CVE-2016-7076 MEDIUM

sudo < 1.8.18 - Privilege Escalation via wordexp() Argument Bypass

CVE-2016-6189 MEDIUM

SOGo < 2.3.12 and 3.x < 3.1.1 - Authenticated Information Disclosure via Calendar Feed Fields

CVE-2015-5946 HIGH

SuiteCRM 7.2.2 - Code Injection

Previous Page 5 of 5

Details

Vulnerabilities 122

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy