CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,560 vulnerabilities with CWE-20
CVE-2021-27641 MEDIUM
SAP 3D Visual Enterprise Viewer <9 - DoS
CVSS 5.5
CVE-2021-27640 MEDIUM
SAP 3D Visual Enterprise Viewer <9 - DoS
CVSS 5.5
CVE-2021-27639 MEDIUM
SAP 3D Visual Enterprise Viewer <9 - DoS
CVSS 5.5
CVE-2021-27638 MEDIUM
SAP 3D Visual Enterprise Viewer <9 - DoS
CVSS 5.5
CVE-2021-22116 HIGH
RabbitMQ < 3.8.16 - Denial of Service via AMQP 1.0 Client Connection Endpoint
CVSS 7.5
CVE-2021-3490 HIGH
Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE
CVSS 7.8
CVE-2021-32666 MEDIUM
wire < 3.81 - Denial of Service via Invalid Profile Picture AssetID
CVSS 6.5
CVE-2021-32635 MEDIUM
Singularity 3.7.2-3.7.3 - Info Disclosure
CVSS 6.3
CVE-2021-29507 MEDIUM
GENIVI Diagnostic Log and Trace 2.10.0-2.18.6 - Denial of Service via Configuration File
CVSS 5.7
CVE-2021-32642 HIGH
radsecproxy - Configuration Injection via Crafted RadSec Peer Discovery DNS Records
CVSS 7.0
CVE-2021-29629 HIGH
FreeBSD DoS via libradius Message Validation
CVSS 7.5
CVE-2021-33620 MEDIUM
Squid < 4.15 and 5.x < 5.0.6 - Denial of Service via HTTP Response Header
CVSS 6.5
CVE-2021-20195 CRITICAL
Keycloak < 13.0.0 - Stored Cross-Site Scripting via User-Supplied Data Fields
CVSS 9.6
CVE-2021-22359 HIGH
Huawei S5700/S6700 <V200R005C00SPC500 - DoS
CVSS 7.5
CVE-2021-22358 MEDIUM
FusionCompute 8.0.0 - Arbitrary File Upload via Insufficient Input Validation
CVSS 4.3
CVE-2021-30501 MEDIUM
UPX 4.0.0 - Denial of Service via Crafted File in MemBuffer::alloc()
CVSS 5.5
CVE-2021-28170 MEDIUM
Jakarta Expression Language <3.0.3 - Info Disclosure
CVSS 5.3
CVE-2021-20297 MEDIUM
NetworkManager < 1.30.0 - Denial of Service via Profile Activation with match.path
CVSS 5.5
CVE-2021-22699 HIGH
Modicon M241/M251 Firmware < 5.1.9.1 - Denial of Service via Crafted HTTP Requests
CVSS 7.5
CVE-2021-21985 CRITICAL KEV
VMware vCenter Server - Remote Code Execution via Virtual SAN Health Check Plugin
CVSS 9.8
CVE-2021-3531 MEDIUM
Red Hat Ceph Storage RGW <14.2.21 - DoS
CVSS 5.3
CVE-2021-3524 MEDIUM
Red Hat Ceph Storage RadosGW <14.2.21 - HTTP Header Injection
CVSS 6.5
CVE-2021-29611 LOW
TensorFlow < 2.1.4, 2.3.0-2.3.3 - Denial of Service via SparseReshape CHECK-Failure
CVSS 3.6
CVE-2021-23906 LOW
Mercedes-Benz MBUX Infotainment System < 2021 - Remote Code Execution via HiQnet Protocol Message Length
CVSS 1.8
CVE-2021-22152 MEDIUM
BlackBerry Unified Endpoint Management <= 12.13.1 QF2 / <= 12.12.1a QF6 - DoS via Management Console Input Validation
CVSS 5.5