CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,563 vulnerabilities with CWE-20
CVE-2021-21726 LOW
ZTE ZXONE 9700, 8700, and 19700 Firmware - Denial of Service via Diagnostic Function Parameter Injection
CVSS 2.3
CVE-2021-21085 HIGH
Adobe Connect <11.0.7 - Code Injection
CVSS 7.8
CVE-2021-21069 HIGH
Adobe Creative Cloud Desktop App <5.3 - Privilege Escalation
CVSS 7.8
CVE-2021-0377 MEDIUM
Android 11 - Local Defense in Depth Bypass via DeltaPerformer::Write
CVSS 5.5
CVE-2021-20671 HIGH
GROWI v4.2.2 - Authenticated Arbitrary File Write via Upload Feature
CVSS 7.2
CVE-2021-20268 HIGH
Linux Kernel < 5.10.10 - Out-of-Bounds Access in eBPF Verifier via dev_map_init_map or sock_map_alloc
CVSS 7.8
CVE-2021-20273 HIGH
Privoxy < 3.0.32 - Denial of Service via Crafted CGI Request
CVSS 7.5
CVE-2021-21510 MEDIUM
Dell iDRAC8 < 2.75.100.75 - Unauthenticated Host Header Injection
CVSS 6.1
CVE-2021-21506 HIGH
PowerScale OneFS 8.1.2, 8.2.2, 9.1.0 - Privilege Escalation via API Handler Input Sanitization Issue
CVSS 8.8
CVE-2021-26788 HIGH
Oryx Embedded CycloneTCP 1.7.6-2.0.0 - Unauthenticated Denial of Service via Malicious TCP Packet
CVSS 7.5
CVE-2021-25339 MEDIUM
Samsung mobile <SMR Mar-2021 Release 1 - Memory Corruption
CVSS 4.4
CVE-2021-25338 MEDIUM
Samsung mobile <SMR Mar-2021 Release 1 - Memory Corruption
CVSS 4.4
CVE-2021-25334 MEDIUM
Samsung mobile devices <SMR Feb-2021 Release 1 - DoS
CVSS 5.5
CVE-2021-23131 HIGH
Joomla! 3.2.0-3.9.24 - Improper Input Validation in Template Manager
CVSS 7.5
CVE-2021-21978 CRITICAL
VMware View Planner 4.0-4.5 - Unauthenticated Remote Code Execution via Logupload Arbitrary File Upload
CVSS 9.8
CVE-2021-27923 HIGH
Pillow < 8.1.2 - Denial of Service via ICO Image Size Mismatch
CVSS 7.5
CVE-2021-27922 HIGH
Pillow < 8.1.2 - Denial of Service via ICNS Container Memory Allocation
CVSS 7.5
CVE-2021-27921 HIGH
Pillow < 8.1.2 - Denial of Service via BLP Image Size Mismatch
CVSS 7.5
CVE-2021-21322 CRITICAL
fastify-http-proxy < 4.3.1 - URL Prefix Bypass via Crafted Request
CVSS 10.0
CVE-2021-21321 CRITICAL
fastify-reply-from < 4.0.2 - URL Prefix Bypass via Crafted Request
CVSS 10.0
CVE-2021-0404 MEDIUM
Android 11 - Local Information Disclosure via mobile_log_d Improper Input Validation
CVSS 4.4
CVE-2021-1450 MEDIUM
Cisco AnyConnect Secure Mobility Client - Authenticated Denial of Service via IPC Message
CVSS 5.5
CVE-2021-1367 MEDIUM
Cisco NX-OS - Unauthenticated Denial of Service via Crafted PIM Packet
CVSS 4.3
CVE-2021-20252 MEDIUM
Red Hat 3scale API Management Platform 2 - Denial of Service via Large Date Range Query
CVSS 6.5
CVE-2021-20194 HIGH
Linux Kernel >= 5.2 - Heap Overflow via BPF Getsockopt Hook
CVSS 7.8