CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,591 vulnerabilities with CWE-20
CVE-2019-20870 MEDIUM
Mattermost Server < 5.10.0 - Improper Input Validation via Edited Flag Bypass
CVSS 4.3
CVE-2019-20868 HIGH
Mattermost Server < 5.11.0 - Improper Input Validation in Invite ID Generation
CVSS 7.5
CVE-2019-20848 HIGH
Mattermost Mobile Apps < 1.26.0 - Improper Input Validation in Quick Reply Feature
CVSS 7.5
CVE-2019-14038 HIGH
Qualcomm APQ8009 Firmware - Out-of-bounds Read in ADSP Parse Function
CVSS 7.1
CVE-2019-15709 MEDIUM
FortiAP-S/W2 < 6.0.5 and FortiAP-U < 6.0.1 - Authenticated Arbitrary File Write via tcpdump CLI Command
CVSS 6.5
CVE-2019-15880 CRITICAL
FreeBSD <12.1-STABLE-r356911, <12.1-RELEASE-p5 - Memory Corruption
CVSS 9.8
CVE-2019-19164 HIGH
dext5.ocx ActiveX Control <= 5.0.0.112 - Remote Code Execution via Method Argument Manipulation
CVSS 7.8
CVE-2019-16011 HIGH
Cisco IOS XE SD-WAN - Command Injection
CVSS 7.8
CVE-2019-5614 CRITICAL
FreeBSD Memory Corruption via IPFW Packet Validation
CVSS 9.8
CVE-2019-15874 CRITICAL
FreeBSD <12.1-RELEASE-p4, <11.3-RELEASE-p8 - Use After Free
CVSS 9.8
CVE-2019-5303 MEDIUM
Huawei Smartphones - Denial of Service via TD-SCDMA Message Parsing
CVSS 5.3
CVE-2019-5302 MEDIUM
Huawei Smartphones - Denial of Service via TD-SCDMA Message Parsing
CVSS 5.3
CVE-2019-20778 CRITICAL
LG Android 7.0-9.0 - Improper Input Validation in Backup Subsystem
CVSS 9.8
CVE-2019-12520 HIGH
Squid < 4.7 - Cache Poisoning via Decoded UserInfo in Absolute URL
CVSS 7.5
CVE-2019-19095 MEDIUM
HitachiEnergy eSOMS 4.0-6.0.2 - Stored Cross-Site Scripting via Database Content
CVSS 5.4
CVE-2019-14905 MEDIUM
Ansible Engine < 2.7.16 - OS Command Injection via nxos_file_copy Module
CVSS 5.6
CVE-2019-4001 HIGH
Druva inSync Client 6.5.0 - Authenticated Arbitrary NodeJS Code Execution
CVSS 7.8
CVE-2019-20485 MEDIUM
libvirt < 6.0.0 - Denial of Service via Guest Agent Query Monitor Job
CVSS 5.7
CVE-2019-19942 HIGH
Swisscom Centro Grande < 6.16.12 and Centro Business 1.0 < 7.10.18 - DNS Spoofing via DHCP Hostname
CVSS 7.5
CVE-2019-6696 MEDIUM
FortiOS 5.4.0-6.0.8 - URL Redirection via Admin Initial Password Change Webpage
CVSS 6.1
CVE-2019-2216 HIGH
Android 10 - Local Privilege Escalation via Overlay Notification Input Validation
CVSS 7.3
CVE-2019-7589 CRITICAL
Johnson Controls Kantech EntraPass <8.0 - RCE
CVSS 9.8
CVE-2019-19298 HIGH
SiNVR/SiVMS Video Server < 5.0.2 - Unauthenticated Denial of Service via Malformed HTTP Requests
CVSS 7.5
CVE-2019-19279 HIGH
SIPROTEC 4 and SIPROTEC Compact - Denial of Service via Crafted UDP Packets to Port 50000
CVSS 7.5
CVE-2019-12433 MEDIUM
GitLab 11.7.0-11.11.0 - Improper Input Validation in Restricted Visibility Settings
CVSS 5.3