CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,591 vulnerabilities with CWE-20
CVE-2019-0714 MEDIUM
Microsoft Hyper-V Network Switch - DoS
CVSS 5.8
CVE-2019-1971 CRITICAL
Cisco Enterprise NFV Infrastructure Software 3.6.2-3.8.1 - Unauthenticated Remote Code Execution via Web Portal Input
CVSS 9.8
CVE-2019-1961 MEDIUM
Cisco Enterprise NFV Infrastructure Software < 3.10.1 - Authenticated Arbitrary File Read via Tar Package Upload
CVSS 4.9
CVE-2019-1960 MEDIUM
Cisco Enterprise NFV Infrastructure Software < 3.11.1 - Authenticated Arbitrary File Read
CVSS 4.4
CVE-2019-1959 MEDIUM
Cisco Enterprise NFV Infrastructure Software < 3.11.1 - Authenticated Arbitrary File Read
CVSS 4.4
CVE-2019-1955 HIGH
Cisco Email Security Appliance Firmware - Unauthenticated Filter Bypass via SPF Message Handling
CVSS 7.5
CVE-2019-1954 MEDIUM
Cisco Webex Meetings Server < 4.0(1) - Unauthenticated Open Redirect via URL Parameter
CVSS 6.1
CVE-2019-1952 MEDIUM
Cisco Enterprise NFV Infrastructure Software < 3.10.1 - Authenticated Path Traversal via CLI Command Arguments
CVSS 6.7
CVE-2019-1951 MEDIUM
Cisco SD-WAN Firmware < 19.1.0 - Unauthenticated Traffic Filter Bypass via Malicious TCP Packet
CVSS 5.8
CVE-2019-14771 CRITICAL
Backdrop CMS 1.12.0-1.12.7 and 1.13.0-1.13.2 - Authenticated Arbitrary File Upload via Configuration Archive
CVSS 9.8
CVE-2019-1945 MEDIUM
Cisco ASA < 9.4.4.37 - Authenticated Privilege Escalation via Smart Tunnel
CVSS 6.7
CVE-2019-1944 HIGH
Cisco Adaptive Security Appliance < 9.4.4.37 - Privilege Escalation via Smart Tunnel
CVSS 7.3
CVE-2019-1918 HIGH
Cisco IOS XR 6.5.2-6.6.3 - Unauthenticated Denial of Service via IS-IS PDU Processing
CVSS 7.4
CVE-2019-1910 HIGH
Cisco IOS XR < 6.6.3 - Unauthenticated Denial of Service via Crafted IS-IS Link-State PDU
CVSS 7.4
CVE-2019-14474 HIGH
eQ-3 CCU3 Firmware < 3.47.15 - Denial of Service via ReGa Call() Function
CVSS 7.5
CVE-2019-1914 HIGH
Cisco Small Business 220 Series Smart Switches < 1.1.4.4 - Authenticated Command Injection via Web Management Interface
CVSS 7.2
CVE-2019-13143 CRITICAL
Shenzhen Dragon Brothers FB50 Firmware 2.3 - Unauthenticated Ownership Takeover via HTTP Parameter Pollution
CVSS 9.8
CVE-2019-14671 LOW
Firefly III 4.7.17.3 - Info Disclosure
CVSS 3.3
CVE-2019-7899 MEDIUM
Magento Open Source < 1.9.4.2 - Info Disclosure
CVSS 5.3
CVE-2019-7898 MEDIUM
Magento < 1.9.4.2-2.3.2 - Info Disclosure
CVSS 5.3
CVE-2019-7885 HIGH
Magento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Authenticated Remote Code Execution via Elasticsearch Config Builder
CVSS 8.8
CVE-2019-9141 CRITICAL
Zoneplayer < 2018.02 - Remote Code Execution via ZInsVX.dll ActiveX Method
CVSS 9.8
CVE-2019-2330 MEDIUM
Qualcomm Snapdragon - Memory Corruption
CVSS 5.5
CVE-2019-14243 HIGH
mastercactapus proxyprotocol < 0.0.2 - DoS
CVSS 7.5
CVE-2019-11716 HIGH
Firefox < 68.0 - Sandbox Bypass via Non-Enumerable window.globalThis
CVSS 8.3