CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,591 vulnerabilities with CWE-20
CVE-2019-12706 HIGH
Cisco Email Security Appliance Firmware < 13.5.0 - Unauthenticated Filter Bypass via SPF Message Validation
CVSS 7.5
CVE-2019-12701 MEDIUM
Cisco Secure Firewall Management Center - Unauthenticated Policy Bypass via Crafted HTTP Request
CVSS 5.8
CVE-2019-12699 HIGH
Cisco Firepower 9300 Firmware - Authenticated OS Command Injection via CLI Arguments
CVSS 7.8
CVE-2019-12694 MEDIUM
Cisco Firepower Threat Defense < 6.3.0.5 - Authenticated Command Injection via CLI
CVSS 6.7
CVE-2019-12689 HIGH
Cisco Secure Firewall Management Center < 6.2.2.2 - Authenticated Remote Code Execution via Web Interface
CVSS 8.8
CVE-2019-12688 HIGH
Cisco Firepower Management Center - Authenticated Remote Code Execution via Web UI Input
CVSS 8.8
CVE-2019-12687 HIGH
Cisco Secure Firewall Management Center - Authenticated Remote Code Execution via Web UI Input
CVSS 8.8
CVE-2019-12676 HIGH
Cisco Adaptive Security Appliance and Firepower Threat Defense - Denial of Service via OSPF LSA Type 11 Packet Parsing
CVSS 7.4
CVE-2019-12673 HIGH
Cisco ASA <9.6.4.34, >=9.7 <9.8.4.10 & FTD <6.3.0.5 - DoS via FTP Inspection
CVSS 7.5
CVE-2019-12630 CRITICAL
Cisco Security Manager < 4.18 - Unauthenticated Remote Code Execution via Java Deserialization
CVSS 9.8
CVE-2019-12157 CRITICAL
JetBrains UpSource <2018.2.1293 - Info Disclosure
CVSS 9.8
CVE-2019-10538 CRITICAL
Qualcomm MSM8909W and other Snapdragon Firmware - Memory Corruption via Arbitrary Page Response
CVSS 9.8
CVE-2019-10506 HIGH
Qualcomm Multiple Chipsets Firmware - Improper Input Validation in QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY
CVSS 7.8
CVE-2019-10501 HIGH
Qualcomm Snapdragon Firmware - Use-After-Free in Volume Listener Library
CVSS 7.8
CVE-2019-16676 CRITICAL
Plataformatec Simple Form - Code Injection
CVSS 9.8
CVE-2019-9433 MEDIUM
Android 10 - Information Disclosure via Improper Input Validation in libvpx
CVSS 6.5
CVE-2019-9432 HIGH
Android 10 - Remote Information Disclosure via Bluetooth Out-of-Bounds Read
CVSS 7.5
CVE-2019-9418 MEDIUM
Android 10 - Remote Denial of Service via Missing Bounds Check in libstagefright
CVSS 6.5
CVE-2019-9414 MEDIUM
Android 10 - Man-in-the-Middle via Improper Certificate BasicConstraints Validation
CVSS 5.9
CVE-2019-9404 HIGH
Android 10 - Remote Denial of Service via Bluetooth Missing Bounds Check
CVSS 7.5
CVE-2019-9402 HIGH
Android 10 - Remote Denial of Service via Bluetooth Missing Bounds Check
CVSS 7.5
CVE-2019-9401 HIGH
Android 10 - Remote Denial of Service via Bluetooth Missing Bounds Check
CVSS 7.5
CVE-2019-9398 HIGH
Android 10 - Remote Denial of Service via Bluetooth Missing Bounds Check
CVSS 7.5
CVE-2019-9397 HIGH
Android 10 - Remote Denial of Service via Bluetooth Missing Bounds Check
CVSS 7.5
CVE-2019-9396 HIGH
Android 10 - Remote Denial of Service via Bluetooth Missing Bounds Check
CVSS 7.5
Details
Vulnerabilities 12,591
Exploit Likelihood High