CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,592 vulnerabilities with CWE-20
CVE-2019-11716 HIGH
Firefox < 68.0 - Sandbox Bypass via Non-Enumerable window.globalThis
CVSS 8.3
CVE-2019-11714 CRITICAL
Firefox < 68.0 - Denial of Service via Necko UDP Connection Thread Handling
CVSS 9.8
CVE-2019-11708 CRITICAL KEV
Firefox ESR < 60.7.2, Firefox < 67.0.4, Thunderbird < 60.7.2 - RCE
CVSS 10.0
CVE-2019-11698 MEDIUM
Thunderbird <60.7, Firefox <67, Firefox ESR <60.7 - Info Disclosure
CVSS 5.3
CVE-2019-11697 MEDIUM
Firefox < 67.0 - Extension Installation Spoofing via Key Combination Bypass
CVSS 6.5
CVE-2019-11696 HIGH
Firefox < 67.0 - Unsafe Executable File Handling for .JNLP Extensions
CVSS 7.8
CVE-2019-13097 HIGH
Cat Runner Decorate Home 2.8.0 - Score Parameter Manipulation via Insufficient Input Validation
CVSS 7.5
CVE-2019-1010234 CRITICAL
Linux Foundation ONOS <1.15.0 - RCE
CVSS 9.8
CVE-2019-14211 HIGH
Foxit PhantomPDF <8.3.11 - Memory Corruption
CVSS 7.5
CVE-2019-5680 MEDIUM
NVIDIA Jetson TX1 L4T < R32.2 - Code Execution via Unvalidated nvtboot-cpu Image Load
CVSS 6.7
CVE-2019-1010245 CRITICAL
Linux Foundation ONOS SDN Controller <1.15 - RCE
CVSS 9.8
CVE-2019-7843 HIGH
Adobe Campaign Classic <18.10.5-8984 - Info Disclosure
CVSS 7.5
CVE-2019-1010252 MEDIUM
Linux Foundation ONOS <2.0.0 - Info Disclosure
CVSS 4.9
CVE-2019-1010251 HIGH
Open Information Security Foundation Suricata <4.1.2 - DoS
CVSS 7.5
CVE-2019-1010250 MEDIUM
Linux Foundation ONOS <2.0.0 - Info Disclosure
CVSS 4.9
CVE-2019-1923 MEDIUM
Cisco SPA500 Series IP Phones < 7.6.2sr5 - Authenticated Arbitrary Command Execution via USB Storage Device
CVSS 6.6
CVE-2019-1920 HIGH
Cisco Aironet 3700 Series < 8.2.170.0 - DoS via 802.11r Fast Transition
CVSS 7.4
CVE-2019-3571 MEDIUM
WhatsApp Desktop <0.3.3793 - Info Disclosure
CVSS 5.3
CVE-2019-10191 HIGH
knot_resolver < 4.1.0 - DNSSEC Downgrade via Improper Input Validation
CVSS 7.5
CVE-2019-10190 HIGH
knot_resolver < 3.2.0 - DNSSEC Validation Bypass via NXDOMAIN Answer
CVSS 7.5
CVE-2019-13612 HIGH
MDaemon Email Server <20.0.1 - Info Disclosure
CVSS 7.5
CVE-2019-1113 HIGH
Microsoft .NET Framework and Visual Studio - Markup Parsing Remote Code Execution
CVSS 8.8
CVE-2019-1109 CRITICAL
Microsoft Office - Spoofing via Unvalidated Web Page Request
CVSS 9.1
CVE-2019-1079 MEDIUM
Visual Studio - Information Disclosure via XML Input Parsing
CVSS 6.5
CVE-2019-1072 CRITICAL
Azure DevOps Server and Team Foundation Server - Remote Code Execution
CVSS 9.8
Details
Vulnerabilities 12,592
Exploit Likelihood High