The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,593 vulnerabilities with CWE-20
CVE-2018-21055
CRITICAL
Android N(7.0) on Qualcomm MSM8996 - Arbitrary Script Execution in INIT Context via Custom Image
CVSS 9.8
CVE-2018-21092
MEDIUM
Samsung Android M(6.x) and N(7.x) - Improper Input Validation via NFC Tag AT Command
CVSS 6.5
CVE-2018-13371
HIGH
FortiOS < 5.4.10 - Authenticated Routing Settings Manipulation via ZebOS Component
CVSS 8.8
CVE-2018-20335
HIGH
ASUSWRT 3.0.0.4.384.20308 - Unauthenticated Denial of Service via APP_Installation.asp
CVSS 7.5
CVE-2018-19516
MEDIUM
KDE Applications <18.12.0 - Info Disclosure
CVSS 5.3
CVE-2018-21033
MEDIUM
Hitachi Command Suite < 8.6.2-00 - Authenticated CSS Injection
CVSS 6.5
CVE-2018-1002104
MEDIUM
Kubernetes Ingress Default Backend <1.5 - Info Disclosure
CVSS 5.3
CVE-2018-12207
MEDIUM
Intel Core i3 Firmware - Authenticated Denial of Service via Page Table Update Invalidation
CVSS 6.5
CVE-2018-21020
HIGH
Centreon Web < 2.8.27 - Authentication Bypass via PHP Type Juggling
CVSS 7.5
CVE-2018-10105
CRITICAL
tcpdump < 4.9.3 - Improper Input Validation in SMB Data Printing
CVSS 9.8
CVE-2018-10103
CRITICAL
tcpdump < 4.9.3 - Improper Input Validation in SMB Data Printing
CVSS 9.8
CVE-2018-11782
MEDIUM
Apache Subversion <= 1.9.10, 1.10.4, 1.12.0 - Denial of Service via Read-Only Request
CVSS 6.5
CVE-2018-7081
CRITICAL
ArubaOS < 6.4.4.21 - Remote Code Execution via PAPI Protocol
CVSS 9.8
CVE-2018-20985
CRITICAL
wp-payeezy-pay < 2.98 - Local File Inclusion via pay.php, donate.php, donate-rec, and pay-rec
CVSS 9.8
CVE-2018-20981
CRITICAL
Ninja Forms < 3.3.9 - Unauthenticated Sensitive Data Exposure via Export Personal Data Request
CVSS 9.1
CVE-2018-20980
HIGH
Ninja Forms < 3.2.15 - Parameter Tampering
CVSS 7.5
CVE-2018-20973
CRITICAL
companion_auto_update < 3.2.1 - Local File Inclusion
CVSS 9.8
CVE-2018-14671
CRITICAL
ClickHouse < 18.10.3 - Remote Code Execution via unixODBC Shared Object Loading
CVSS 9.8
CVE-2018-20917
MEDIUM
cPanel < 70.0.23 - Unauthenticated Solr Disabling via Improper Input Validation
CVSS 5.5
CVE-2018-20912
MEDIUM
cPanel < 70.0.23 - Authenticated Remote Code Execution via awstats
CVSS 6.3
CVE-2018-20897
LOW
cPanel 61.9999.55-71.9980.37 - Arbitrary File Unlink via cPAddons Moderation System
CVSS 2.8
CVE-2018-20895
HIGH
cPanel 67.9999.64-71.9980.37 - Improper Input Validation
CVSS 7.2
CVE-2018-20893
LOW
cPanel < 70.0.53 - Unauthenticated File Rename during Account Rename
CVSS 2.3
CVE-2018-20891
MEDIUM
cPanel 69.9999.122-70.0.53 - Arbitrary File Read during File Restoration
CVSS 5.5
CVE-2018-10899
HIGH
Jolokia 1.2-1.6.0 - Cross-Site Request Forgery
CVSS 8.1
Details
Vulnerabilities: 12,593
Exploit Likelihood: High