CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,560 vulnerabilities with CWE-20
CVE-2021-1137 HIGH
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 19.2.4 - Remote Code Execution and Privilege Escalation
CVSS 7.8
CVE-2021-21404 HIGH
Syncthing < 1.15.0 - Denial of Service via Negative Length Relay Message
CVSS 7.5
CVE-2021-29136 MEDIUM
umoci < 0.4.7 - Arbitrary File Write via Symlink Traversal in Unpack Operation
CVSS 5.5
CVE-2021-21533 MEDIUM
Dell Wyse Management Suite < 3.2 - Authenticated Denial of Service via Job Status Retrieval Page
CVSS 4.3
CVE-2021-21532 MEDIUM
Dell Wyse ThinOS < 8.6 - Improper Management Server Validation
CVSS 5.0
CVE-2021-1748 HIGH
iPadOS < 14.4 - Remote Code Execution via Malicious URL Processing
CVSS 8.8
CVE-2021-30004 MEDIUM
hostapd and wpa_supplicant - Forging Attack via AlgorithmIdentifier Mishandling
CVSS 5.3
CVE-2021-22538 MEDIUM
Google Exposure Notifications Verification Server < 0.23.1 - Improper Input Validation
CVSS 6.3
CVE-2021-29418 MEDIUM
netmask < 2.0.1 - IP Address Validation Bypass via Octal Digit Handling
CVSS 5.3
CVE-2021-21372 HIGH
Nim < 1.2.10 - Remote Code Execution via Nimble doCmd Command Injection
CVSS 8.3
CVE-2021-20206 HIGH
container_network_interface < 0.8.1 - Path Traversal via Plugin Type Field
CVSS 7.2
CVE-2021-1356 MEDIUM
Cisco IOS XE - Authenticated Denial of Service via Web UI Error Handling
CVSS 4.3
CVE-2021-1220 MEDIUM
Cisco IOS XE - Authenticated Denial of Service via Web UI HTTP Packet Handling
CVSS 4.3
CVE-2021-1469 CRITICAL
Cisco Jabber <12.1.5 - Program Execution and Network Traffic Exposure
CVSS 9.9
CVE-2021-1454 MEDIUM
Cisco IOS XE SD-WAN - Privilege Escalation
CVSS 6.0
CVE-2021-1432 HIGH
Cisco IOS XE SD-WAN - Authenticated Command Injection via CLI
CVSS 7.3
CVE-2021-1431 HIGH
Cisco IOS XE SD-WAN - Unauthenticated Denial of Service via Malformed Packet Handling
CVSS 7.5
CVE-2021-1383 MEDIUM
Cisco IOS XE SD-WAN - Privilege Escalation
CVSS 6.0
CVE-2021-20222 HIGH
Keycloak 9.0.0-12.0.2 - Cross-Site Scripting via Referrer URL
CVSS 7.5
CVE-2021-21357 HIGH
TYPO3 < 8.7.40, 9.5.25, 10.4.14, 11.1.1 - Authenticated Path Traversal and Arbitrary File Write via Form Designer Module
CVSS 8.3
CVE-2021-21267 HIGH
schema-inspector < 2.0.0 - Denial of Service via Email Validation ReDoS
CVSS 7.5
CVE-2021-20631 MEDIUM
Cybozu Office <10.8.4 - Info Disclosure
CVSS 6.5
CVE-2021-21726 LOW
ZTE ZXONE 9700, 8700, and 19700 Firmware - Denial of Service via Diagnostic Function Parameter Injection
CVSS 2.3
CVE-2021-21085 HIGH
Adobe Connect <11.0.7 - Code Injection
CVSS 7.8
CVE-2021-21069 HIGH
Adobe Creative Cloud Desktop App <5.3 - Privilege Escalation
CVSS 7.8