CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,592 vulnerabilities with CWE-20
CVE-2019-0966 MEDIUM
Windows 10 and Windows Server 2016/2019 - Denial of Service via Hyper-V Input Validation
CVSS 6.8
CVE-2019-1010295 CRITICAL
Linaro/OP-TEE OP-TEE <3.4.0 - Buffer Overflow
CVSS 9.8
CVE-2019-1873 HIGH
Cisco ASA and FTD - Denial of Service via TLS/SSL Packet Header
CVSS 8.6
CVE-2019-13449 MEDIUM
Zoom < 4.4.2 - Denial of Service via Invalid Launch Requests
CVSS 6.5
CVE-2019-10973 HIGH
Quest KACE Systems Management Appliance < 8.0.320 - Unauthenticated Unintended Access via Troubleshooting Tools
CVSS 7.2
CVE-2019-1933 MEDIUM
Cisco Email Security Appliance - Unauthenticated Filter Bypass and Script Injection via Email Field Input Validation
CVSS 5.8
CVE-2019-1921 MEDIUM
Cisco Email Security Appliance - Unauthenticated Content Filter Bypass via Malicious Attachment Naming
CVSS 5.8
CVE-2019-1909 MEDIUM
Cisco IOS XR 4.3.1-6.6.2 - Unauthenticated Denial of Service via BGP Update Message Processing
CVSS 6.8
CVE-2019-1894 HIGH
Cisco Enterprise NFV Infrastructure Software - Privilege Escalation
CVSS 7.2
CVE-2019-1891 HIGH
Cisco Small Business 200, 300, 500 Series Switches <1.4.10.6 - DoS via Web Interface
CVSS 7.5
CVE-2019-1889 HIGH
Cisco APIC Software - Privilege Escalation
CVSS 7.2
CVE-2019-1886 HIGH
Cisco AsyncOS 10.5-10.5.5-005 - Denial of Service via Malformed SSL Certificate
CVSS 8.6
CVE-2019-1884 HIGH
Cisco AsyncOS 10.1-10.5.5-005 - Authenticated Denial of Service via HTTP/HTTPS Request
CVSS 7.7
CVE-2019-12841 HIGH
JetBrains TeamCity < 2018.2.2 - Directory Traversal via ZIP Extraction
CVSS 7.5
CVE-2019-13127 MEDIUM
draw.io Diagrams < 8.3.14 and mxGraph < 4.0.0 - Stored Cross-Site Scripting via Color Field Input
CVSS 6.1
CVE-2019-5839 MEDIUM
Google Chrome < 75.0.3770.80 - URL Validation Bypass via Crafted URL
CVSS 4.3
CVE-2019-5819 HIGH
Google Chrome < 74.0.3729.108 - Local Arbitrary Code Execution via Clipboard String
CVSS 7.8
CVE-2019-10134 LOW
Moodle <3.7-3.1.18 - Info Disclosure
CVSS 3.7
CVE-2019-12981 HIGH
libming 0.4.8 - Buffer Overflow in SWFShape_setLeftFillStyle
CVSS 8.8
CVE-2019-9085 MEDIUM
Hoteldruid < 2.3.1 - Authenticated Denial of Service via Invalid n_file Parameter
CVSS 6.5
CVE-2019-12936 HIGH
BlueStacks App Player < 4.90 - DNS Rebinding via Exposed IPC Functions
CVSS 7.1
CVE-2019-1906 MEDIUM
Cisco Prime Infrastructure - Authenticated Privilege Escalation via Virtual Domain API Request Manipulation
CVSS 6.5
CVE-2019-1905 MEDIUM
Cisco Email Security Appliance - Content Filter Bypass via GZIP Decompression Engine
CVSS 5.8
CVE-2019-1875 MEDIUM
Cisco Prime Service Catalog - Authenticated Stored Cross-Site Scripting via Configuration Fields
CVSS 4.8
CVE-2019-1843 HIGH
Cisco RV110W, RV130W, RV215W - Unauthenticated Denial of Service via Web Management Interface
CVSS 8.6
Details
Vulnerabilities 12,592
Exploit Likelihood High