CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,472 vulnerabilities with CWE-20
CVE-2021-20754 MEDIUM
Cybozu Garoon <5.0.2 - Privilege Escalation
CVSS 4.3
CVE-2021-37707 MEDIUM
Shopware < 6.4.3.1 - Product Review Manipulation via API
CVSS 6.5
CVE-2021-22931 CRITICAL
Node.js <16.6.0, 14.17.4, 12.22.4 - RCE
CVSS 9.8
CVE-2021-37586 MEDIUM
Mitel Interaction Recording < 6.7 - Authenticated Tenant Data Exposure via PowerPlay Web Replay
CVSS 4.9
CVE-2021-37692 MEDIUM
TensorFlow 2.5.0-2.5.1 - Use-After-Free in String Tensor Deallocation
CVSS 5.5
CVE-2021-37677 MEDIUM
TensorFlow 2.3.0-2.3.3 - Denial of Service via Dequantize Shape Inference
CVSS 5.5
CVE-2021-37674 MEDIUM
TensorFlow 2.3.0-2.3.3 - Denial of Service via Missing Validation in MaxPoolGrad
CVSS 5.5
CVE-2021-37673 MEDIUM
TensorFlow 2.3.0-2.3.3 - Denial of Service via MapStage CHECK-fail
CVSS 5.5
CVE-2021-37665 HIGH
TensorFlow 2.3.0-2.3.3 - Memory Corruption via MKL Requantization Input Validation
CVSS 7.8
CVE-2021-37663 HIGH
TensorFlow 2.3.0-2.3.3 - Memory Corruption via QuantizeV2 Input Validation
CVSS 7.8
CVE-2021-33199 CRITICAL
Expression Engine <6.0.3 - Info Disclosure
CVSS 9.8
CVE-2021-36982 HIGH
AIMANAGER b107-b115 - OS Command Injection via HTTP Request Parameter
CVSS 8.1
CVE-2021-1110 HIGH
NVIDIA Linux kernel - Use After Free
CVSS 7.1
CVE-2021-3048 MEDIUM
PAN-OS 9.0.0-9.0.13 - Denial of Service via Invalid External Dynamic List URL
CVSS 5.9
CVE-2021-0084 HIGH
Intel Ethernet Controller E810 Firmware < 1.4.11 - Authenticated Privilege Escalation via Input Validation
CVSS 7.8
CVE-2021-0083 MEDIUM
Intel Optane Persistent Memory Firmware < 1.2.0.5446 or < 2.2.0.1547 - Denial of Service via Improper Input Validation
CVSS 4.4
CVE-2021-0062 HIGH
Intel Graphics Drivers >=27.20 <27.20.100.8935 - Authenticated Privilege Escalation via Local Input Validation
CVSS 7.8
CVE-2021-33708 HIGH
Kyma < 1.24 - Authenticated Privilege Escalation via Header Injection
CVSS 8.8
CVE-2021-33706 MEDIUM
SAP InfraBox < 1.2.2 - Authenticated Log Modification via Improper Input Validation
CVSS 4.3
CVE-2021-29714 MEDIUM
IBM Content Navigator 3.0.CD - Denial of Service via Improper Input Validation
CVSS 6.5
CVE-2021-26606 CRITICAL
dreamsecurity magicline4nx.exe < 1.0.0.17 - Remote Code Execution via Crafted HTTP Request
CVSS 9.8
CVE-2021-3655 LOW
Linux Kernel < 5.14 - Information Disclosure via SCTP Packet Size Validation
CVSS 3.3
CVE-2021-3580 HIGH
nettle < 3.7.3 - Denial of Service via RSA Decryption Ciphertext Handling
CVSS 7.5
CVE-2021-26605 HIGH
ezPDFReader 2.0-3.0 - Remote Code Execution via JSON-RPC Input
CVSS 7.5
CVE-2021-22924 LOW
libcurl 7.10.4-7.76.1 - Connection Reuse via Case-Insensitive Path Matching
CVSS 3.7