CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,591 vulnerabilities with CWE-20
CVE-2019-8592 HIGH
iPhone OS < 12.3, macOS X 10.12.6-10.14.4, tvOS < 12.3, watchOS < 5.2.1 - Remote Code Execution via Malicious Audio File
CVSS 7.8
CVE-2019-8579 HIGH
macOS < 10.14.4 - Privilege Escalation via Improper Input Validation
CVSS 7.8
CVE-2019-8573 HIGH
iPhone OS < 12.3, macOS < 10.14.5, watchOS < 5.2.1 - Denial of Service
CVSS 7.5
CVE-2019-6238 HIGH
macOS < 10.14.4 - Arbitrary Code Execution via Symlink Validation Issue
CVSS 7.8
CVE-2019-17006 CRITICAL
Siemens Ruggedcom ROX MX5000 Firmware < 2.14.0 - Buffer Overflow via Missing Length Checks
CVSS 9.8
CVE-2019-7178 HIGH
Pexip Infinity < 20.1 - Privilege Escalation
CVSS 7.2
CVE-2019-1983 MEDIUM
Cisco Email Security Appliance DoS via Crafted Email Attachment
CVSS 5.3
CVE-2019-1947 HIGH
Cisco Email Security Appliance - Denial of Service via Large Email Attachments
CVSS 8.6
CVE-2019-16017 MEDIUM
Cisco Unified Customer Voice Portal < 11.6(1)_es-11 - Insecure Direct Object Reference
CVSS 6.8
CVE-2019-15974 MEDIUM
Cisco Managed Services Accelerator < 3.7.0 - Unauthenticated Open Redirect via HTTP Request Parameter
CVSS 6.1
CVE-2019-15959 MEDIUM
Cisco SPA500 Series - Command Injection
CVSS 6.6
CVE-2019-15957 HIGH
Cisco Small Business RV Series Routers - Command Injection
CVSS 7.2
CVE-2019-15289 HIGH
Cisco TelePresence CE < 9.8.0 and RoomOS - Unauthenticated Denial of Service via Crafted Video Traffic
CVSS 7.5
CVE-2019-14074 HIGH
Qualcomm Snapdragon - Heap Overflow in Diag Command Handler
CVSS 7.8
CVE-2019-4533 MEDIUM
IBM Resilient SOAR 38.0 - Denial of Service via Insufficient Input Validation
CVSS 4.3
CVE-2019-14904 HIGH
Ansible < 2.7.15 - OS Command Injection via Solaris Zone Name Parameter
CVSS 7.3
CVE-2019-11857 CRITICAL
ALEOS < 4.12.0, 4.9.5, 4.4.9 - Info Disclosure
CVSS 9.1
CVE-2019-14123 HIGH
Widevine HLOS Client - Buffer Overflow
CVSS 7.8
CVE-2019-19417 HIGH
Huawei AR160 Firmware - Denial of Service via SIP Module Buffer Overflow
CVSS 7.5
CVE-2019-19416 HIGH
Huawei AR120-S, AR1200, AR1200-S, AR150, AR150-S Firmware - Denial of Service via SIP Module Buffer Overflow
CVSS 7.5
CVE-2019-19415 HIGH
Huawei AR120-S, AR1200, AR1200-S, AR150, AR150-S Firmware - Denial of Service via SIP Message Buffer Overflow
CVSS 7.5
CVE-2019-19163 HIGH
COMMAX WallPad CDP-1020MB Firmware < 2019.12.30 - Unauthenticated Remote Code Execution via Outdated MySQL
CVSS 7.5
CVE-2019-14894 HIGH
CloudForms Management Engine 5.10-5.11 - Authenticated Remote Code Execution via NFS Schedule Backup
CVSS 8.0
CVE-2019-14047 HIGH
Qualcomm Multiple Chipsets Firmware - Improper Input Validation in IPA Driver
CVSS 7.8
CVE-2019-10626 MEDIUM
Qualcomm Snapdragon Firmware - Memory Corruption via Unvalidated Payload Size
CVSS 5.5
Details
Vulnerabilities 12,591
Exploit Likelihood High