CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,478 vulnerabilities with CWE-20
CVE-2021-1506 CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 20.3.3 - Missing Authorization
CVSS 9.8
CVE-2021-1505 CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 20.3.3 - Missing Authorization
CVSS 9.8
CVE-2021-1468 CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 20.3.3 - Improper Authentication
CVSS 9.8
CVE-2021-1275 CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 & vManage <20.3.3 - RCE & Info Disclosure
CVSS 9.8
CVE-2021-29242 HIGH
CODESYS Control Runtime < 3.5.17.0 - Improper Input Validation via Crafted Communication Packets
CVSS 7.3
CVE-2021-29486 HIGH
cumulative-distribution-function < 2.0.0 - Denial of Service via Infinite Loop on Non-Numeric Data
CVSS 7.5
CVE-2021-20326 MEDIUM
MongoDB 4.4.0-4.4.3 - Denial of Service via Find Query
CVSS 6.5
CVE-2021-29468 HIGH
Cygwin Git < 2.31.1-1 - Remote Code Execution via Malicious Repository Symbolic Links
CVSS 8.8
CVE-2021-1085 HIGH
NVIDIA vGPU <12.2, <11.4, <8.7 - Memory Corruption
CVSS 7.3
CVE-2021-1084 HIGH
NVIDIA vGPU <12.2-11.4 - Info Disclosure
CVSS 7.8
CVE-2021-1080 HIGH
NVIDIA vGPU <12.2-11.4-8.7 - Info Disclosure
CVSS 7.8
CVE-2021-21388 HIGH
systeminformation < 5.6.4 - OS Command Injection via Service Parameter Mishandling
CVSS 8.9
CVE-2021-1448 HIGH
Cisco Firepower Threat Defense 6.4.0 - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2021-1402 HIGH
Cisco Firepower Threat Defense 6.3.0-6.3.9 - Unauthenticated Denial of Service via SSL/TLS Message Handling
CVSS 8.6
CVE-2021-31863 HIGH
Redmine < 4.0.9, 4.1.x < 4.1.3, 4.2.x < 4.2.1 - Arbitrary File Read via Git Repository Integration
CVSS 7.5
CVE-2021-29474 MEDIUM
HedgeDoc < 1.8.0 - Path Traversal and Arbitrary File Read via URL-Encoded Alias
CVSS 4.7
CVE-2021-21221 MEDIUM
Google Chrome <90.0.4430.72 - Info Disclosure
CVSS 6.5
CVE-2021-21208 MEDIUM
Google Chrome < 90.0.4430.72 - Domain Spoofing via QR Code
CVSS 6.5
CVE-2021-22678 HIGH
Cscape <9.90 SP4 - Memory Corruption
CVSS 7.8
CVE-2021-0267 HIGH
Juniper Junos OS 19.4-20.3 - Denial of Service via Crafted DHCP Packet in JDHCPD DHCP Relay Agent
CVSS 7.4
CVE-2021-0214 MEDIUM
Juniper Junos OS - Denial of Service via Malformed Packet in PPMD
CVSS 6.5
CVE-2021-31555 HIGH
MediaWiki < 1.35.2 - Improper Input Validation in Oauth Extension
CVSS 7.5
CVE-2021-29462 HIGH
pupnp < 1.14.6 - DNS Rebinding Attack via Missing Host Header Validation
CVSS 7.6
CVE-2021-3038 MEDIUM
Palo Alto Networks GlobalProtect <5.1.8-5.2.4 - DoS
CVSS 5.5
CVE-2021-29432 MEDIUM
matrix-sydent < 2.3.0 - Arbitrary Email Spoofing via Identity Server
CVSS 5.3