CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,593 vulnerabilities with CWE-20
CVE-2018-1110 HIGH
knot_resolver < 2.3.0 - Denial of Service via Malformed DNS Messages
CVSS 7.5
CVE-2018-25004 MEDIUM
MongoDB 3.6.0-3.6.10 - Authenticated Denial of Service via Explain Command
CVSS 4.9
CVE-2018-25002 HIGH
sunhater kcfinder < 2018-06-01 - Improper Input Validation in uploader.php
CVSS 8.8
CVE-2018-19945 CRITICAL
QNAP QTS 4.3.4-4.3.6 - Arbitrary File Rename via Path Traversal
CVSS 9.1
CVE-2018-15632 CRITICAL
Odoo < 11.0 - Unauthenticated Database Initialization via Improper Input Validation
CVSS 9.1
CVE-2018-16723 HIGH
Jingyun Antivirus 2.4.2.39 - Denial of Service via IOCtl 0x12364020
CVSS 7.8
CVE-2018-16722 HIGH
Jingyun Antivirus 2.4.2.39 - Denial of Service via ZySandbox.sys IOCtl 0x12360094
CVSS 7.8
CVE-2018-16721 HIGH
Jingyun Antivirus 2.4.2.39 - Denial of Service via IOCtl 0x12360090
CVSS 7.8
CVE-2018-16720 HIGH
Jingyun Antivirus 2.4.2.39 - Denial of Service via IOCtl 0x1236001c
CVSS 7.8
CVE-2018-16719 HIGH
Jingyun Antivirus 2.4.2.39 - Denial of Service via IOCtl 0x00221482
CVSS 7.8
CVE-2018-20804 MEDIUM
MongoDB 3.6.0-3.6.12 - Authenticated Denial of Service via applyOps Invocation
CVSS 6.5
CVE-2018-19952 HIGH
QNAP Music Station < 5.3.11 - SQL Injection
CVSS 7.5
CVE-2018-19949 CRITICAL KEV
QNAP QTS < 4.2.6 - OS Command Injection
CVSS 9.8
CVE-2018-21036 HIGH
Sails.js < 1.0.0-46 - Denial of Service via Empty WebSocket Pathname
CVSS 7.5
CVE-2018-21264 HIGH
Mattermost Server < 4.7.0, < 4.6.2, < 4.5.2 - SAML Response Expiration Bypass
CVSS 8.8
CVE-2018-21262 HIGH
Mattermost Server < 4.7.3 - Denial of Service via Invalid LaTeX Text
CVSS 7.5
CVE-2018-21259 MEDIUM
Mattermost Server < 4.8.2 - Denial of Service via Malformed Channel Link
CVSS 5.3
CVE-2018-20225 HIGH
pip - Arbitrary Package Installation via --extra-index-url
CVSS 7.8
CVE-2018-8956 MEDIUM
ntp 4.2.8p10-4.2.8p13 - Denial of Service via Spoofed Mode 3 and Mode 5 Packets
CVSS 5.3
CVE-2018-21122 MEDIUM
NETGEAR GS110EMX/GS810EMX/XS512EM/XS724EM Firmware - Denial of Service
CVSS 6.5
CVE-2018-21115 HIGH
NETGEAR XR500 Firmware < 2.3.2.32 - Unauthenticated Remote Code Execution
CVSS 8.8
CVE-2018-21141 MEDIUM
NETGEAR R6100/R7500/R7800/R8900/R9000/WNDR3700/WNDR4300/WNDR4500/WNR2000 Firmware - Denial of Service
CVSS 4.5
CVE-2018-21140 MEDIUM
NETGEAR D3600 and D6000 < 1.0.0.76 - Security Misconfiguration
CVSS 6.5
CVE-2018-21078 HIGH
Samsung Android Contacts - Unauthenticated Video Call Origination via SS and USSD Code Injection
CVSS 7.5
CVE-2018-21068 MEDIUM
Samsung Android O(8.0) - Unauthenticated Secure Folder Access via Split Screen
CVSS 6.2