CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,591 vulnerabilities with CWE-20
CVE-2019-1257 HIGH
Microsoft SharePoint - Remote Code Execution via Application Package Source Markup
CVSS 8.8
CVE-2019-0928 MEDIUM
Windows 10 and Windows Server 2016 - Denial of Service via Hyper-V Input Validation
CVSS 6.2
CVE-2019-3760 MEDIUM
RSA Identity Governance and Lifecycle < 7.1.0 P08 - Authenticated SQL Injection in Workflow Architect
CVSS 6.4
CVE-2019-5461 LOW
GitLab 11.11.0-11.11.6 - Server-Side Request Forgery via GitHub Integration
CVSS 3.5
CVE-2019-15639 HIGH
Asterisk 13.0.0-13.28.0 - Denial of Service via RTP Packet
CVSS 7.5
CVE-2019-16142 CRITICAL
renderdoc <0.5.0 - Info Disclosure
CVSS 9.8
CVE-2019-16141 HIGH
once_cell < 1.0.1 - Denial of Service via Lazy Initialization Panic
CVSS 7.5
CVE-2019-9453 MEDIUM
Android - Local Information Disclosure via F2FS Touch Driver Input Validation
CVSS 4.4
CVE-2019-9446 MEDIUM
Android - Out-of-Bounds Write in FingerTipS Touchscreen Driver
CVSS 6.7
CVE-2019-9441 MEDIUM
Android kernel - Privilege Escalation
CVSS 6.7
CVE-2019-9254 HIGH
Android 10 - Local Privilege Escalation via Improper Input Validation in zygote.java
CVSS 7.8
CVE-2019-12645 HIGH
Cisco Jabber < 12.6(1) - Authenticated Arbitrary Code Execution via Improper File Permissions
CVSS 7.8
CVE-2019-12633 HIGH
Cisco Unified Contact Center Express - Unauthenticated Server-Side Request Forgery
CVSS 7.5
CVE-2019-12632 HIGH
Cisco Finesse - Unauthenticated Server-Side Request Forgery
CVSS 7.5
CVE-2019-12588 MEDIUM
Espressif ESP8266_NONOS_SDK 2.2.0-3.1.0 - Denial of Service via Crafted 802.11 Beacon Frame
CVSS 6.5
CVE-2019-2389 MEDIUM
MongoDB Server <4.0.11, <3.6.14, <3.4.22 - Privilege Escalation
CVSS 5.3
CVE-2019-5611 HIGH
FreeBSD Remote DoS via IPv6 Stack (12.0-STABLE before r350828, 12.0-RELEASE before p10, etc.)
CVSS 7.5
CVE-2019-1969 MEDIUM
Cisco NX-OS - Unauthenticated SNMP ACL Bypass via Incorrect Length Check
CVSS 5.3
CVE-2019-1968 HIGH
Cisco NX-OS - Unauthenticated Denial of Service via NX-API HTTP Header
CVSS 7.5
CVE-2019-14979 MEDIUM
WooCommerce PayPal Checkout Payment Gateway 1.6.17 - Parameter Tampering in Amount Parameter
CVSS 5.3
CVE-2019-14978 MEDIUM
WooCommerce PayU India Payment Gateway 2.1.1 - Parameter Tampering via purchaseQuantity
CVSS 5.3
CVE-2019-11247 HIGH
Kubernetes < 1.13.9, < 1.14.5, < 1.15.2 - Unauthorized Cluster-Scoped Custom Resource Access via Namespace Impersonation
CVSS 8.1
CVE-2019-10054 HIGH
Suricata <4.1.3 - Memory Corruption
CVSS 7.5
CVE-2019-1964 HIGH
Cisco NX-OS 8.1-8.2(3) - Unauthenticated Denial of Service via Malformed IPv6 Packet
CVSS 8.6
CVE-2019-1963 HIGH
Cisco FXOS and NX-OS - Denial of Service via SNMP ASN.1 Input Validation
CVSS 7.7