The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,593 vulnerabilities with CWE-20
CVE-2018-1110
HIGH
knot_resolver < 2.3.0 - Denial of Service via Malformed DNS Messages
CVSS 7.5
CVE-2018-25004
MEDIUM
MongoDB 3.6.0-3.6.10 - Authenticated Denial of Service via Explain Command
CVSS 4.9
CVE-2018-25002
HIGH
sunhater kcfinder < 2018-06-01 - Improper Input Validation in uploader.php
CVSS 8.8
CVE-2018-19945
CRITICAL
QNAP QTS 4.3.4-4.3.6 - Arbitrary File Rename via Path Traversal
CVSS 9.1
CVE-2018-15632
CRITICAL
Odoo < 11.0 - Unauthenticated Database Initialization via Improper Input Validation
CVSS 9.1
CVE-2018-16723
HIGH
Jingyun Antivirus 2.4.2.39 - Denial of Service via IOCtl 0x12364020
CVSS 7.8
CVE-2018-16722
HIGH
Jingyun Antivirus 2.4.2.39 - Denial of Service via ZySandbox.sys IOCtl 0x12360094
CVSS 7.8
CVE-2018-16721
HIGH
Jingyun Antivirus 2.4.2.39 - Denial of Service via IOCtl 0x12360090
CVSS 7.8
CVE-2018-16720
HIGH
Jingyun Antivirus 2.4.2.39 - Denial of Service via IOCtl 0x1236001c
CVSS 7.8
CVE-2018-16719
HIGH
Jingyun Antivirus 2.4.2.39 - Denial of Service via IOCtl 0x00221482
CVSS 7.8
CVE-2018-20804
MEDIUM
MongoDB 3.6.0-3.6.12 - Authenticated Denial of Service via applyOps Invocation
CVSS 6.5
CVE-2018-19952
HIGH
QNAP Music Station < 5.3.11 - SQL Injection
CVSS 7.5
CVE-2018-19949
CRITICAL
KEV
QNAP QTS < 4.2.6 - OS Command Injection
CVSS 9.8
CVE-2018-21036
HIGH
Sails.js < 1.0.0-46 - Denial of Service via Empty WebSocket Pathname
CVSS 7.5
CVE-2018-21264
HIGH
Mattermost Server < 4.7.0, < 4.6.2, < 4.5.2 - SAML Response Expiration Bypass
CVSS 8.8
CVE-2018-21262
HIGH
Mattermost Server < 4.7.3 - Denial of Service via Invalid LaTeX Text
CVSS 7.5
CVE-2018-21259
MEDIUM
Mattermost Server < 4.8.2 - Denial of Service via Malformed Channel Link
CVSS 5.3
CVE-2018-20225
HIGH
pip - Arbitrary Package Installation via --extra-index-url
CVSS 7.8
CVE-2018-8956
MEDIUM
ntp 4.2.8p10-4.2.8p13 - Denial of Service via Spoofed Mode 3 and Mode 5 Packets
CVSS 5.3
CVE-2018-21122
MEDIUM
NETGEAR GS110EMX/GS810EMX/XS512EM/XS724EM Firmware - Denial of Service
CVSS 6.5
CVE-2018-21115
HIGH
NETGEAR XR500 Firmware < 2.3.2.32 - Unauthenticated Remote Code Execution
CVSS 8.8
CVE-2018-21141
MEDIUM
NETGEAR R6100/R7500/R7800/R8900/R9000/WNDR3700/WNDR4300/WNDR4500/WNR2000 Firmware - Denial of Service
CVSS 4.5
CVE-2018-21140
MEDIUM
NETGEAR D3600 and D6000 < 1.0.0.76 - Security Misconfiguration
CVSS 6.5
CVE-2018-21078
HIGH
Samsung Android Contacts - Unauthenticated Video Call Origination via SS and USSD Code Injection
CVSS 7.5
CVE-2018-21068
MEDIUM
Samsung Android O(8.0) - Unauthenticated Secure Folder Access via Split Screen
CVSS 6.2
Details
Vulnerabilities: 12,593
Exploit Likelihood: High