The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,591 vulnerabilities with CWE-20
CVE-2019-0714
MEDIUM
Microsoft Hyper-V Network Switch - DoS
CVSS 5.8
CVE-2019-1971
CRITICAL
Cisco Enterprise NFV Infrastructure Software 3.6.2-3.8.1 - Unauthenticated Remote Code Execution via Web Portal Input
CVSS 9.8
CVE-2019-1961
MEDIUM
Cisco Enterprise NFV Infrastructure Software < 3.10.1 - Authenticated Arbitrary File Read via Tar Package Upload
CVSS 4.9
CVE-2019-1960
MEDIUM
Cisco Enterprise NFV Infrastructure Software < 3.11.1 - Authenticated Arbitrary File Read
CVSS 4.4
CVE-2019-1959
MEDIUM
Cisco Enterprise NFV Infrastructure Software < 3.11.1 - Authenticated Arbitrary File Read
CVSS 4.4
CVE-2019-1955
HIGH
Cisco Email Security Appliance Firmware - Unauthenticated Filter Bypass via SPF Message Handling
CVSS 7.5
CVE-2019-1954
MEDIUM
Cisco Webex Meetings Server < 4.0(1) - Unauthenticated Open Redirect via URL Parameter
CVSS 6.1
CVE-2019-1952
MEDIUM
Cisco Enterprise NFV Infrastructure Software < 3.10.1 - Authenticated Path Traversal via CLI Command Arguments
CVSS 6.7
CVE-2019-1951
MEDIUM
Cisco SD-WAN Firmware < 19.1.0 - Unauthenticated Traffic Filter Bypass via Malicious TCP Packet
CVSS 5.8
CVE-2019-14771
CRITICAL
Backdrop CMS 1.12.0-1.12.7 and 1.13.0-1.13.2 - Authenticated Arbitrary File Upload via Configuration Archive
CVSS 9.8
CVE-2019-1945
MEDIUM
Cisco ASA < 9.4.4.37 - Authenticated Privilege Escalation via Smart Tunnel
CVSS 6.7
CVE-2019-1944
HIGH
Cisco Adaptive Security Appliance < 9.4.4.37 - Privilege Escalation via Smart Tunnel
CVSS 7.3
CVE-2019-1918
HIGH
Cisco IOS XR 6.5.2-6.6.3 - Unauthenticated Denial of Service via IS-IS PDU Processing
CVSS 7.4
CVE-2019-1910
HIGH
Cisco IOS XR < 6.6.3 - Unauthenticated Denial of Service via Crafted IS-IS Link-State PDU
CVSS 7.4
CVE-2019-14474
HIGH
eQ-3 CCU3 Firmware < 3.47.15 - Denial of Service via ReGa Call() Function
CVSS 7.5
CVE-2019-1914
HIGH
Cisco Small Business 220 Series Smart Switches < 1.1.4.4 - Authenticated Command Injection via Web Management Interface
CVSS 7.2
CVE-2019-13143
CRITICAL
Shenzhen Dragon Brothers FB50 Firmware 2.3 - Unauthenticated Ownership Takeover via HTTP Parameter Pollution
CVSS 9.8
CVE-2019-14671
LOW
Firefly III 4.7.17.3 - Info Disclosure
CVSS 3.3
CVE-2019-7899
MEDIUM
Magento Open Source <1.9.4.2 - Info Disclosure
CVSS 5.3
CVE-2019-7898
MEDIUM
Magento <1.9.4.2-2.3.2 - Info Disclosure
CVSS 5.3
CVE-2019-7885
HIGH
Magento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Authenticated Remote Code Execution via Elasticsearch Config Builder
CVSS 8.8
CVE-2019-9141
CRITICAL
Zoneplayer < 2018.02 - Remote Code Execution via ZInsVX.dll ActiveX Method
CVSS 9.8
CVE-2019-2330
MEDIUM
Qualcomm Snapdragon - Memory Corruption
CVSS 5.5
CVE-2019-14243
HIGH
mastercactapus proxyprotocol <0.0.2 - DoS
CVSS 7.5
CVE-2019-11716
HIGH
Firefox < 68.0 - Sandbox Bypass via Non-Enumerable window.globalThis
CVSS 8.3
Details
Vulnerabilities: 12,591
Exploit Likelihood: High