The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,591 vulnerabilities with CWE-20
CVE-2019-20870 [MEDIUM, CVSS 4.3]: Mattermost Server < 5.10.0 - Improper Input Validation via Edited Flag Bypass
CVE-2019-20868 [HIGH, CVSS 7.5]: Mattermost Server < 5.11.0 - Improper Input Validation in Invite ID Generation
CVE-2019-20848 [HIGH, CVSS 7.5]: Mattermost Mobile Apps < 1.26.0 - Improper Input Validation in Quick Reply Feature
CVE-2019-14038 [HIGH, CVSS 7.1]: Qualcomm APQ8009 Firmware - Out-of-bounds Read in ADSP Parse Function
CVE-2019-15709 [MEDIUM, CVSS 6.5]: FortiAP-S/W2 < 6.0.5 and FortiAP-U < 6.0.1 - Authenticated Arbitrary File Write via tcpdump CLI Command
CVE-2019-15880 [CRITICAL, CVSS 9.8]: FreeBSD <12.1-STABLE-r356911, <12.1-RELEASE-p5 - Memory Corruption
CVE-2019-19164 [HIGH, CVSS 7.8]: dext5.ocx ActiveX Control <= 5.0.0.112 - Remote Code Execution via Method Argument Manipulation
CVE-2019-16011 [HIGH, CVSS 7.8]: Cisco IOS XE SD-WAN - Command Injection
CVE-2019-5614 [CRITICAL, CVSS 9.8]: FreeBSD Memory Corruption via IPFW Packet Validation
CVE-2019-15874 [CRITICAL, CVSS 9.8]: FreeBSD <12.1-RELEASE-p4, <11.3-RELEASE-p8 - Use After Free
CVE-2019-5303 [MEDIUM, CVSS 5.3]: Huawei Smartphones - Denial of Service via TD-SCDMA Message Parsing
CVE-2019-5302 [MEDIUM, CVSS 5.3]: Huawei Smartphones - Denial of Service via TD-SCDMA Message Parsing
CVE-2019-20778 [CRITICAL, CVSS 9.8]: LG Android 7.0-9.0 - Improper Input Validation in Backup Subsystem
CVE-2019-12520 [HIGH, CVSS 7.5]: Squid < 4.7 - Cache Poisoning via Decoded UserInfo in Absolute URL
CVE-2019-19095 [MEDIUM, CVSS 5.4]: HitachiEnergy eSOMS 4.0-6.0.2 - Stored Cross-Site Scripting via Database Content
CVE-2019-14905 [MEDIUM, CVSS 5.6]: Ansible Engine < 2.7.16 - OS Command Injection via nxos_file_copy Module
CVE-2019-4001 [HIGH, CVSS 7.8]: Druva inSync Client 6.5.0 - Authenticated Arbitrary NodeJS Code Execution
CVE-2019-20485 [MEDIUM, CVSS 5.7]: libvirt < 6.0.0 - Denial of Service via Guest Agent Query Monitor Job
CVE-2019-19942 [HIGH, CVSS 7.5]: Swisscom Centro Grande < 6.16.12 and Centro Business 1.0 < 7.10.18 - DNS Spoofing via DHCP Hostname
CVE-2019-6696 [MEDIUM, CVSS 6.1]: FortiOS 5.4.0-6.0.8 - URL Redirection via Admin Initial Password Change Webpage
CVE-2019-2216 [HIGH, CVSS 7.3]: Android 10 - Local Privilege Escalation via Overlay Notification Input Validation
CVE-2019-7589 [CRITICAL, CVSS 9.8]: Johnson Controls Kantech EntraPass <8.0 - RCE
CVE-2019-19298 [HIGH, CVSS 7.5]: SiNVR/SiVMS Video Server < 5.0.2 - Unauthenticated Denial of Service via Malformed HTTP Requests
CVE-2019-19279 [HIGH, CVSS 7.5]: SIPROTEC 4 and SIPROTEC Compact - Denial of Service via Crafted UDP Packets to Port 50000
CVE-2019-12433 [MEDIUM, CVSS 5.3]: GitLab 11.7.0-11.11.0 - Improper Input Validation in Restricted Visibility Settings
Details
Vulnerabilities: 12,591
Exploit Likelihood: High