CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,478 vulnerabilities with CWE-20
CVE-2021-32635 MEDIUM
Singularity 3.7.2-3.7.3 - Info Disclosure
CVSS 6.3
CVE-2021-29507 MEDIUM
GENIVI Diagnostic Log and Trace 2.10.0-2.18.6 - Denial of Service via Configuration File
CVSS 5.7
CVE-2021-32642 HIGH
radsecproxy - Configuration Injection via Crafted RadSec Peer Discovery DNS Records
CVSS 7.0
CVE-2021-29629 HIGH
FreeBSD DoS via libradius Message Validation
CVSS 7.5
CVE-2021-33620 MEDIUM
Squid < 4.15 and 5.x < 5.0.6 - Denial of Service via HTTP Response Header
CVSS 6.5
CVE-2021-20195 CRITICAL
Keycloak < 13.0.0 - Stored Cross-Site Scripting via User-Supplied Data Fields
CVSS 9.6
CVE-2021-22359 HIGH
Huawei S5700/S6700 < V200R005C00SPC500 - DoS
CVSS 7.5
CVE-2021-22358 MEDIUM
FusionCompute 8.0.0 - Arbitrary File Upload via Insufficient Input Validation
CVSS 4.3
CVE-2021-30501 MEDIUM
UPX 4.0.0 - Denial of Service via Crafted File in MemBuffer::alloc()
CVSS 5.5
CVE-2021-28170 MEDIUM
Jakarta Expression Language < 3.0.3 - Info Disclosure
CVSS 5.3
CVE-2021-20297 MEDIUM
NetworkManager < 1.30.0 - Denial of Service via Profile Activation with match.path
CVSS 5.5
CVE-2021-22699 HIGH
Modicon M241/M251 Firmware < 5.1.9.1 - Denial of Service via Crafted HTTP Requests
CVSS 7.5
CVE-2021-21985 CRITICAL KEV
VMware vCenter Server - Remote Code Execution via Virtual SAN Health Check Plugin
CVSS 9.8
CVE-2021-3531 MEDIUM
Red Hat Ceph Storage RGW < 14.2.21 - DoS
CVSS 5.3
CVE-2021-3524 MEDIUM
Red Hat Ceph Storage RadosGW < 14.2.21 - HTTP Header Injection
CVSS 6.5
CVE-2021-29611 LOW
TensorFlow < 2.1.4, 2.3.0-2.3.3 - Denial of Service via SparseReshape CHECK-Failure
CVSS 3.6
CVE-2021-23906 LOW
Mercedes-Benz MBUX Infotainment System < 2021 - Remote Code Execution via HiQnet Protocol Message Length
CVSS 1.8
CVE-2021-22152 MEDIUM
BlackBerry Unified Endpoint Management <= 12.13.1 QF2 / <= 12.12.1a QF6 - DoS via Management Console Input Validation
CVSS 5.5
CVE-2021-31198 HIGH
Microsoft Exchange Server - Remote Code Execution
CVSS 7.8
CVE-2021-27617 MEDIUM
SAP NetWeaver Process Integration 7.10-7.50 - Denial of Service via Malicious XML Upload
CVSS 4.9
CVE-2021-32471 HIGH
MIT Universal Turing Machine - Remote Code Execution via Crafted Input
CVSS 7.8
CVE-2021-1519 MEDIUM
Cisco AnyConnect Secure Mobility Client < 4.10.00093 - Authenticated VPN Profile Overwrite via IPC Message
CVSS 4.7
CVE-2021-1514 HIGH
Cisco SD-WAN Software - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2021-1513 HIGH
Cisco SD-WAN Software - Unauthenticated Denial of Service via Malformed Packet Handling
CVSS 7.5
CVE-2021-1508 CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 19.2.99 - Missing Authorization
CVSS 9.8