CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,560 vulnerabilities with CWE-20
CVE-2021-22678 HIGH
Cscape < 9.90 SP4 - Memory Corruption
CVSS 7.8
CVE-2021-0267 HIGH
Juniper Junos OS 19.4-20.3 - Denial of Service via Crafted DHCP Packet in JDHCPD DHCP Relay Agent
CVSS 7.4
CVE-2021-0214 MEDIUM
Juniper Junos OS - Denial of Service via Malformed Packet in PPMD
CVSS 6.5
CVE-2021-31555 HIGH
MediaWiki < 1.35.2 - Improper Input Validation in OAuth Extension
CVSS 7.5
CVE-2021-29462 HIGH
pupnp < 1.14.6 - DNS Rebinding Attack via Missing Host Header Validation
CVSS 7.6
CVE-2021-3038 MEDIUM
Palo Alto Networks GlobalProtect < 5.1.8-5.2.4 - DoS
CVSS 5.5
CVE-2021-29432 MEDIUM
matrix-sydent < 2.3.0 - Arbitrary Email Spoofing via Identity Server
CVSS 5.3
CVE-2021-29431 HIGH
Sydent < 2.3.0 - Server-Side Request Forgery via HTTP GET Request
CVSS 7.7
CVE-2021-29430 HIGH
Sydent < 2.3.0 - Unauthenticated Denial of Service via Unbounded HTTP Request/Response
CVSS 7.5
CVE-2021-29433 MEDIUM
Sydent < 2.3.0 - Uncontrolled Resource Consumption via Third-Party Identifier Confirmation Endpoint
CVSS 4.3
CVE-2021-26415 HIGH
Windows Installer - Elevation of Privilege via Improper Input Validation
CVSS 7.8
CVE-2021-23279 HIGH
Eaton Intelligent Power Manager < 1.69 - Unauthenticated Arbitrary File Delete
CVSS 8.0
CVE-2021-23278 HIGH
Eaton IPM < 1.69 - Privilege Escalation
CVSS 8.7
CVE-2021-0400 MEDIUM
Android - Incorrect Emergency Location Reporting via Improper Input Validation
CVSS 5.5
CVE-2021-29425 MEDIUM
Apache Commons IO - Path Traversal via FileNameUtils.normalize
CVSS 4.8
CVE-2021-21393 MEDIUM
Synapse 0.24.0-1.27.9 - Denial of Service via Third-Party Identifier Confirmation Endpoint
CVSS 5.3
CVE-2021-21394 MEDIUM
Synapse 0.17.0-1.27.9 - Denial of Service via Third-Party Identifier Confirmation Endpoint
CVSS 5.3
CVE-2021-25378 MEDIUM
Samsung SmartThings < 1.7.63.6 - Remote Denial of Service via Improper Port Access Control
CVSS 4.3
CVE-2021-25356 HIGH
Managed Provisioning < SMR APR-2021 Release 1 - Privilege Escalation
CVSS 7.1
CVE-2021-21431 HIGH
sopel-channelmgnt < 2.0.1 - Improper Access Control via Multi-User Kick Command
CVSS 7.6
CVE-2021-3482 MEDIUM
exiv2 <= 0.27.4-RC1 - Heap-Based Buffer Overflow via JPG EXIF Data
CVSS 6.5
CVE-2021-1404 HIGH
ClamAV 0.103.0 and 0.103.1 - Denial of Service via PDF Parsing Heap Buffer Over-Read
CVSS 7.5
CVE-2021-1252 HIGH
ClamAV 0.103.0 and 0.103.1 - Denial of Service via Excel XLM Macro Parsing
CVSS 7.5
CVE-2021-1480 HIGH
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 19.2.4 - Unauthenticated Remote Code Execution
CVSS 7.8
CVE-2021-1459 CRITICAL
Cisco RV110W RV130 RV130W RV215W - Unauthenticated Remote Code Execution via Web Interface
CVSS 9.8