The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,560 vulnerabilities with CWE-20
CVE-2021-31198
HIGH
Microsoft Exchange Server - Remote Code Execution
CVSS 7.8
CVE-2021-27617
MEDIUM
SAP NetWeaver Process Integration 7.10-7.50 - Denial of Service via Malicious XML Upload
CVSS 4.9
CVE-2021-32471
HIGH
MIT Universal Turing Machine - Remote Code Execution via Crafted Input
CVSS 7.8
CVE-2021-1519
MEDIUM
Cisco AnyConnect Secure Mobility Client < 4.10.00093 - Authenticated VPN Profile Overwrite via IPC Message
CVSS 4.7
CVE-2021-1514
HIGH
Cisco SD-WAN Software - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2021-1513
HIGH
Cisco SD-WAN Software - Unauthenticated Denial of Service via Malformed Packet Handling
CVSS 7.5
CVE-2021-1508
CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 19.2.99 - Missing Authorization
CVSS 9.8
CVE-2021-1506
CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 20.3.3 - Missing Authorization
CVSS 9.8
CVE-2021-1505
CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 20.3.3 - Missing Authorization
CVSS 9.8
CVE-2021-1468
CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 20.3.3 - Improper Authentication
CVSS 9.8
CVE-2021-1275
CRITICAL
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 & vManage <20.3.3 - RCE & Info Disclosure
CVSS 9.8
CVE-2021-29242
HIGH
CODESYS Control Runtime < 3.5.17.0 - Improper Input Validation via Crafted Communication Packets
CVSS 7.3
CVE-2021-29486
HIGH
cumulative-distribution-function < 2.0.0 - Denial of Service via Infinite Loop on Non-Numeric Data
CVSS 7.5
CVE-2021-20326
MEDIUM
MongoDB 4.4.0-4.4.3 - Denial of Service via Find Query
CVSS 6.5
CVE-2021-29468
HIGH
Cygwin Git < 2.31.1-1 - Remote Code Execution via Malicious Repository Symbolic Links
CVSS 8.8
CVE-2021-1085
HIGH
NVIDIA vGPU <12.2, <11.4, <8.7 - Memory Corruption
CVSS 7.3
CVE-2021-1084
HIGH
NVIDIA vGPU <12.2-11.4 - Info Disclosure
CVSS 7.8
CVE-2021-1080
HIGH
NVIDIA vGPU <12.2-11.4-8.7 - Info Disclosure
CVSS 7.8
CVE-2021-21388
HIGH
systeminformation < 5.6.4 - OS Command Injection via Service Parameter Mishandling
CVSS 8.9
CVE-2021-1448
HIGH
Cisco Firepower Threat Defense 6.4.0 - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2021-1402
HIGH
Cisco Firepower Threat Defense 6.3.0-6.3.9 - Unauthenticated Denial of Service via SSL/TLS Message Handling
CVSS 8.6
CVE-2021-31863
HIGH
Redmine < 4.0.9, 4.1.x < 4.1.3, 4.2.x < 4.2.1 - Arbitrary File Read via Git Repository Integration
CVSS 7.5
CVE-2021-29474
MEDIUM
HedgeDoc < 1.8.0 - Path Traversal and Arbitrary File Read via URL-Encoded Alias
CVSS 4.7
CVE-2021-21221
MEDIUM
Google Chrome <90.0.4430.72 - Info Disclosure
CVSS 6.5
CVE-2021-21208
MEDIUM
Google Chrome < 90.0.4430.72 - Domain Spoofing via QR Code
CVSS 6.5
Details
Vulnerabilities
12,560
Exploit Likelihood
High