CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,560 vulnerabilities with CWE-20
CVE-2021-31198 HIGH
Microsoft Exchange Server - Remote Code Execution
CVSS 7.8
CVE-2021-27617 MEDIUM
SAP NetWeaver Process Integration 7.10-7.50 - Denial of Service via Malicious XML Upload
CVSS 4.9
CVE-2021-32471 HIGH
MIT Universal Turing Machine - Remote Code Execution via Crafted Input
CVSS 7.8
CVE-2021-1519 MEDIUM
Cisco AnyConnect Secure Mobility Client < 4.10.00093 - Authenticated VPN Profile Overwrite via IPC Message
CVSS 4.7
CVE-2021-1514 HIGH
Cisco SD-WAN Software - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2021-1513 HIGH
Cisco SD-WAN Software - Unauthenticated Denial of Service via Malformed Packet Handling
CVSS 7.5
CVE-2021-1508 CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 19.2.99 - Missing Authorization
CVSS 9.8
CVE-2021-1506 CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 20.3.3 - Missing Authorization
CVSS 9.8
CVE-2021-1505 CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 20.3.3 - Missing Authorization
CVSS 9.8
CVE-2021-1468 CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 20.3.3 - Improper Authentication
CVSS 9.8
CVE-2021-1275 CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 & vManage < 20.3.3 - RCE & Info Disclosure
CVSS 9.8
CVE-2021-29242 HIGH
CODESYS Control Runtime < 3.5.17.0 - Improper Input Validation via Crafted Communication Packets
CVSS 7.3
CVE-2021-29486 HIGH
cumulative-distribution-function < 2.0.0 - Denial of Service via Infinite Loop on Non-Numeric Data
CVSS 7.5
CVE-2021-20326 MEDIUM
MongoDB 4.4.0-4.4.3 - Denial of Service via Find Query
CVSS 6.5
CVE-2021-29468 HIGH
Cygwin Git < 2.31.1-1 - Remote Code Execution via Malicious Repository Symbolic Links
CVSS 8.8
CVE-2021-1085 HIGH
NVIDIA vGPU < 12.2, < 11.4, < 8.7 - Memory Corruption
CVSS 7.3
CVE-2021-1084 HIGH
NVIDIA vGPU <12.2-11.4 - Info Disclosure
CVSS 7.8
CVE-2021-1080 HIGH
NVIDIA vGPU <12.2-11.4-8.7 - Info Disclosure
CVSS 7.8
CVE-2021-21388 HIGH
systeminformation < 5.6.4 - OS Command Injection via Service Parameter Mishandling
CVSS 8.9
CVE-2021-1448 HIGH
Cisco Firepower Threat Defense 6.4.0 - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2021-1402 HIGH
Cisco Firepower Threat Defense 6.3.0-6.3.9 - Unauthenticated Denial of Service via SSL/TLS Message Handling
CVSS 8.6
CVE-2021-31863 HIGH
Redmine < 4.0.9, 4.1.x < 4.1.3, 4.2.x < 4.2.1 - Arbitrary File Read via Git Repository Integration
CVSS 7.5
CVE-2021-29474 MEDIUM
HedgeDoc < 1.8.0 - Path Traversal and Arbitrary File Read via URL-Encoded Alias
CVSS 4.7
CVE-2021-21221 MEDIUM
Google Chrome < 90.0.4430.72 - Info Disclosure
CVSS 6.5
CVE-2021-21208 MEDIUM
Google Chrome < 90.0.4430.72 - Domain Spoofing via QR Code
CVSS 6.5