The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,563 vulnerabilities with CWE-20
CVE-2021-21726
LOW
ZTE ZXONE 9700, 8700, and 19700 Firmware - Denial of Service via Diagnostic Function Parameter Injection
CVSS 2.3
CVE-2021-21085
HIGH
Adobe Connect <11.0.7 - Code Injection
CVSS 7.8
CVE-2021-21069
HIGH
Adobe Creative Cloud Desktop App <5.3 - Privilege Escalation
CVSS 7.8
CVE-2021-0377
MEDIUM
Android 11 - Local Defense in Depth Bypass via DeltaPerformer::Write
CVSS 5.5
CVE-2021-20671
HIGH
GROWI v4.2.2 - Authenticated Arbitrary File Write via Upload Feature
CVSS 7.2
CVE-2021-20268
HIGH
Linux Kernel < 5.10.10 - Out-of-Bounds Access in eBPF Verifier via dev_map_init_map or sock_map_alloc
CVSS 7.8
CVE-2021-20273
HIGH
Privoxy < 3.0.32 - Denial of Service via Crafted CGI Request
CVSS 7.5
CVE-2021-21510
MEDIUM
Dell iDRAC8 < 2.75.100.75 - Unauthenticated Host Header Injection
CVSS 6.1
CVE-2021-21506
HIGH
PowerScale OneFS 8.1.2, 8.2.2, 9.1.0 - Privilege Escalation via API Handler Input Sanitization Issue
CVSS 8.8
CVE-2021-26788
HIGH
Oryx Embedded CycloneTCP 1.7.6-2.0.0 - Unauthenticated Denial of Service via Malicious TCP Packet
CVSS 7.5
CVE-2021-25339
MEDIUM
Samsung mobile <SMR Mar-2021 Release 1 - Memory Corruption
CVSS 4.4
CVE-2021-25338
MEDIUM
Samsung mobile <SMR Mar-2021 Release 1 - Memory Corruption
CVSS 4.4
CVE-2021-25334
MEDIUM
Samsung mobile devices <SMR Feb-2021 Release 1 - DoS
CVSS 5.5
CVE-2021-23131
HIGH
Joomla! 3.2.0-3.9.24 - Improper Input Validation in Template Manager
CVSS 7.5
CVE-2021-21978
CRITICAL
VMware View Planner 4.0-4.5 - Unauthenticated Remote Code Execution via Logupload Arbitrary File Upload
CVSS 9.8
CVE-2021-27923
HIGH
Pillow < 8.1.2 - Denial of Service via ICO Image Size Mismatch
CVSS 7.5
CVE-2021-27922
HIGH
Pillow < 8.1.2 - Denial of Service via ICNS Container Memory Allocation
CVSS 7.5
CVE-2021-27921
HIGH
Pillow < 8.1.2 - Denial of Service via BLP Image Size Mismatch
CVSS 7.5
CVE-2021-21322
CRITICAL
fastify-http-proxy < 4.3.1 - URL Prefix Bypass via Crafted Request
CVSS 10.0
CVE-2021-21321
CRITICAL
fastify-reply-from < 4.0.2 - URL Prefix Bypass via Crafted Request
CVSS 10.0
CVE-2021-0404
MEDIUM
Android 11 - Local Information Disclosure via mobile_log_d Improper Input Validation
CVSS 4.4
CVE-2021-1450
MEDIUM
Cisco AnyConnect Secure Mobility Client - Authenticated Denial of Service via IPC Message
CVSS 5.5
CVE-2021-1367
MEDIUM
Cisco NX-OS - Unauthenticated Denial of Service via Crafted PIM Packet
CVSS 4.3
CVE-2021-20252
MEDIUM
Red Hat 3scale API Management Platform 2 - Denial of Service via Large Date Range Query
CVSS 6.5
CVE-2021-20194
HIGH
Linux Kernel >= 5.2 - Heap Overflow via BPF Getsockopt Hook
CVSS 7.8
Details
Vulnerabilities: 12,563
Exploit Likelihood: High