CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,593 vulnerabilities with CWE-20
CVE-2019-11071 HIGH
SPIP 3.1.0-3.1.9 and 3.2.0-3.2.3 - Authenticated Remote Code Execution via var_memotri Mishandling
CVSS 8.8
CVE-2019-11069 HIGH
Sequelize 5.0.0-5.2.9 - SQL Injection via Improper Input Validation
CVSS 7.5
CVE-2019-0786 CRITICAL
Microsoft SMB Server - Privilege Escalation
CVSS 9.8
CVE-2019-0768 MEDIUM
Internet Explorer - Security Feature Bypass via VBScript Execution Policy
CVSS 4.3
CVE-2019-0701 MEDIUM
Windows 10 and Windows Server 2016/2019 - Denial of Service via Hyper-V Input Validation
CVSS 6.8
CVE-2019-0695 MEDIUM
Windows 10 and Windows Server 2016/2019 - Denial of Service via Hyper-V Input Validation
CVSS 6.8
CVE-2019-0690 MEDIUM
Microsoft Hyper-V Network Switch - DoS
CVSS 6.8
CVE-2019-1798 MEDIUM
ClamAV < 0.101.1 - Unauthenticated Denial of Service via Malformed PE File Parsing
CVSS 5.5
CVE-2019-1788 MEDIUM
ClamAV < 0.101.1 - Denial of Service via OLE2 File Parsing
CVSS 5.5
CVE-2019-11014 CRITICAL
VStarCam Eye4 - Unauthenticated Camera Server Spoofing via Broadcast Response Flood
CVSS 9.8
CVE-2019-1787 MEDIUM
ClamAV < 0.101.1 - Denial of Service via PDF Scanning Heap Buffer Out-of-bounds Read
CVSS 5.5
CVE-2019-1786 MEDIUM
ClamAV 0.101.0-0.101.1 - Denial of Service via PDF Scanning Out-of-bounds Read
CVSS 5.5
CVE-2019-1785 HIGH
ClamAV 0.101.0-0.101.1 - Path Traversal and Arbitrary File Write via RAR File Processing
CVSS 7.8
CVE-2019-10672 CRITICAL
libmysofa < 0.7 - Denial of Service via Improper Input Validation in treeRead
CVSS 9.8
CVE-2019-1760 MEDIUM
Cisco IOS XE - Unauthenticated Denial of Service via Malformed Smart Probe Packets
CVSS 6.8
CVE-2019-1756 HIGH
Cisco IOS XE - Authenticated Remote Code Execution via Web UI Username Input
CVSS 7.2
CVE-2019-1755 MEDIUM
Cisco IOS XE - Authenticated Remote Code Execution via WSMA HTTP Request
CVSS 6.5
CVE-2019-1754 HIGH
Cisco IOS XE - Authenticated Privilege Escalation via Web UI Endpoint
CVSS 8.8
CVE-2019-1753 HIGH
Cisco IOS XE - Authenticated Command Injection via WSMA Input Validation Bypass
CVSS 8.8
CVE-2019-1752 HIGH
Cisco IOS - Unauthenticated Denial of Service via ISDN Q.931 Information Elements
CVSS 7.5
CVE-2019-1751 HIGH
Cisco IOS - Unauthenticated Denial of Service via NAT64 IPv4 Packet Handling
CVSS 8.6
CVE-2019-1750 HIGH
Cisco IOS XE - Unauthenticated Denial of Service via CDP Packet Processing
CVSS 7.4
CVE-2019-1749 HIGH
Cisco IOS XE for ASR 900 RSP3 - Unauthenticated Denial of Service via Malformed OSPFv2 Message
CVSS 7.4
CVE-2019-1747 HIGH
Cisco IOS and IOS XE - Denial of Service via Malicious SMS PDU
CVSS 8.6
CVE-2019-1746 HIGH
Cisco IOS - Unauthenticated Denial of Service via Cluster Management Protocol Input Validation
CVSS 7.4