CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,592 vulnerabilities with CWE-20
CVE-2019-1729 MEDIUM
Cisco NX-OS < 7.0(3)I4(9) - Authenticated Arbitrary File Write via Image Maintenance Command
CVSS 6.0
CVE-2019-1726 HIGH
Cisco NX-OS 5.2-6.2(25) - Authenticated OS Command Injection via CLI Argument
CVSS 7.8
CVE-2019-5598 HIGH
FreeBSD Packet Filter Bypass via ICMP/ICMP6 Destination IP Spoofing
CVSS 7.5
CVE-2019-5597 CRITICAL
FreeBSD 11.2-RELEASE < 11.2-RELEASE-p10 and 12.0-RELEASE < 12.0-RELEASE-p4 - DoS via IPv6 Fragment Reassembly
CVSS 9.1
CVE-2019-1862 HIGH
Cisco IOS XE - Authenticated Remote Code Execution via Web UI Input Sanitization Bypass
CVSS 7.2
CVE-2019-9847 HIGH
LibreOffice < 6.1.6 - Unauthenticated Arbitrary Executable Launch via Hyperlink Processing
CVSS 7.8
CVE-2019-11832 HIGH
TYPO3 8.0.0-8.7.24 and 9.0.0-9.5.5 - Remote Code Execution via Image Processing Configuration
CVSS 7.5
CVE-2019-2051 HIGH
Android 7.0-9 - Out-of-Bounds Read in spaces.h
CVSS 7.5
CVE-2019-7443 HIGH
KDE KAuth < 5.55.0 - Unauthenticated Arbitrary Plugin Execution via DBus Parameter Injection
CVSS 8.1
CVE-2019-1844 MEDIUM
Cisco Email Security Appliance - Unauthenticated Filter Bypass via Missing Content-Disposition
CVSS 5.3
CVE-2019-1817 HIGH
Cisco Web Security Appliance - Denial of Service via Malformed HTTP/HTTPS Request
CVSS 7.5
CVE-2019-1816 HIGH
Cisco Web Security Appliance - Authenticated Command Injection and Privilege Escalation via Log Subscription Subsystem
CVSS 7.8
CVE-2019-1697 MEDIUM
Cisco ASA <9.6.4.25, >=9.7 <9.8.4 & FTD <6.2.3.12 - DoS via LDAP Parsing
CVSS 6.8
CVE-2019-1694 HIGH
Cisco ASA <9.4.4.34, >=9.5 <9.6.4.25 & FTD <6.2.3.12 - DoS via TCP Traffic
CVSS 8.6
CVE-2019-1687 HIGH
Cisco ASA <9.4.4.34, 9.5-9.6.4.25 & FTD 6.0.0-6.2.3.12 - DoS via TCP Inspection
CVSS 7.5
CVE-2019-1682 HIGH
Cisco APIC < 4.1(1i) Privilege Escalation via FUSE Command Injection
CVSS 7.8
CVE-2019-1592 HIGH
Cisco Nexus 9000 - Privilege Escalation
CVSS 7.8
CVE-2019-1587 MEDIUM
Cisco NX-OS - Information Disclosure via Filtered Query Command
CVSS 4.3
CVE-2019-11687 HIGH
NEMA DICOM Standard 1995-2019b - Code Injection
CVSS 7.8
CVE-2019-9826 HIGH
phpBB < 3.2.6 - Denial of Service via Fulltext Search Component
CVSS 7.5
CVE-2019-11595 CRITICAL
uBlock Origin < 0.9.5.15 - Remote Code Execution via $rewrite Filter Option
CVSS 9.0
CVE-2019-9807 MEDIUM
Firefox < 66.0 - Spoofing via FTP Modal Alert Injection
CVSS 4.3
CVE-2019-9801 MEDIUM
Firefox < 66.0, Firefox ESR < 60.6, Thunderbird < 60.6 - External Protocol Handler Execution
CVSS 5.3
CVE-2019-9799 HIGH
Firefox < 66.0 - Out-of-bounds Read via Inter-Process Communication
CVSS 7.5
CVE-2019-11218 HIGH
Bonobo Git Server < 6.5.0 - Authenticated Privilege Escalation via User Profile Parameter Injection
CVSS 8.8