The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,592 vulnerabilities with CWE-20
CVE-2019-0966
MEDIUM
Windows 10 and Windows Server 2016/2019 - Denial of Service via Hyper-V Input Validation
CVSS 6.8
CVE-2019-1010295
CRITICAL
Linaro/OP-TEE OP-TEE <3.4.0 - Buffer Overflow
CVSS 9.8
CVE-2019-1873
HIGH
Cisco ASA and FTD - Denial of Service via TLS/SSL Packet Header
CVSS 8.6
CVE-2019-13449
MEDIUM
Zoom < 4.4.2 - Denial of Service via Invalid Launch Requests
CVSS 6.5
CVE-2019-10973
HIGH
Quest KACE Systems Management Appliance < 8.0.320 - Unauthenticated Unintended Access via Troubleshooting Tools
CVSS 7.2
CVE-2019-1933
MEDIUM
Cisco Email Security Appliance - Unauthenticated Filter Bypass and Script Injection via Email Field Input Validation
CVSS 5.8
CVE-2019-1921
MEDIUM
Cisco Email Security Appliance - Unauthenticated Content Filter Bypass via Malicious Attachment Naming
CVSS 5.8
CVE-2019-1909
MEDIUM
Cisco IOS XR 4.3.1-6.6.2 - Unauthenticated Denial of Service via BGP Update Message Processing
CVSS 6.8
CVE-2019-1894
HIGH
Cisco Enterprise NFV Infrastructure Software - Privilege Escalation
CVSS 7.2
CVE-2019-1891
HIGH
Cisco Small Business 200, 300, 500 Series Switches <1.4.10.6 - DoS via Web Interface
CVSS 7.5
CVE-2019-1889
HIGH
Cisco APIC Software - Privilege Escalation
CVSS 7.2
CVE-2019-1886
HIGH
Cisco AsyncOS 10.5-10.5.5-005 - Denial of Service via Malformed SSL Certificate
CVSS 8.6
CVE-2019-1884
HIGH
Cisco AsyncOS 10.1-10.5.5-005 - Authenticated Denial of Service via HTTP/HTTPS Request
CVSS 7.7
CVE-2019-12841
HIGH
JetBrains TeamCity < 2018.2.2 - Directory Traversal via ZIP Extraction
CVSS 7.5
CVE-2019-13127
MEDIUM
draw.io Diagrams < 8.3.14 and mxGraph < 4.0.0 - Stored Cross-Site Scripting via Color Field Input
CVSS 6.1
CVE-2019-5839
MEDIUM
Google Chrome < 75.0.3770.80 - URL Validation Bypass via Crafted URL
CVSS 4.3
CVE-2019-5819
HIGH
Google Chrome < 74.0.3729.108 - Local Arbitrary Code Execution via Clipboard String
CVSS 7.8
CVE-2019-10134
LOW
Moodle <3.7-3.1.18 - Info Disclosure
CVSS 3.7
CVE-2019-12981
HIGH
libming 0.4.8 - Buffer Overflow in SWFShape_setLeftFillStyle
CVSS 8.8
CVE-2019-9085
MEDIUM
Hoteldruid < 2.3.1 - Authenticated Denial of Service via Invalid n_file Parameter
CVSS 6.5
CVE-2019-12936
HIGH
BlueStacks App Player < 4.90 - DNS Rebinding via Exposed IPC Functions
CVSS 7.1
CVE-2019-1906
MEDIUM
Cisco Prime Infrastructure - Authenticated Privilege Escalation via Virtual Domain API Request Manipulation
CVSS 6.5
CVE-2019-1905
MEDIUM
Cisco Email Security Appliance - Content Filter Bypass via GZIP Decompression Engine
CVSS 5.8
CVE-2019-1875
MEDIUM
Cisco Prime Service Catalog - Authenticated Stored Cross-Site Scripting via Configuration Fields
CVSS 4.8
CVE-2019-1843
HIGH
Cisco RV110W RV130W RV215W - Unauthenticated Denial of Service via Web Management Interface
CVSS 8.6
Details
Vulnerabilities
12,592
Exploit Likelihood
High