CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,593 vulnerabilities with CWE-20
CVE-2018-21055 CRITICAL
Android N(7.0) on Qualcomm MSM8996 - Arbitrary Script Execution in INIT Context via Custom Image
CVSS 9.8
CVE-2018-21092 MEDIUM
Samsung Android M(6.x) and N(7.x) - Improper Input Validation via NFC Tag AT Command
CVSS 6.5
CVE-2018-13371 HIGH
FortiOS < 5.4.10 - Authenticated Routing Settings Manipulation via ZebOS Component
CVSS 8.8
CVE-2018-20335 HIGH
ASUSWRT 3.0.0.4.384.20308 - Unauthenticated Denial of Service via APP_Installation.asp
CVSS 7.5
CVE-2018-19516 MEDIUM
KDE Applications < 18.12.0 - Info Disclosure
CVSS 5.3
CVE-2018-21033 MEDIUM
Hitachi Command Suite < 8.6.2-00 - Authenticated CSS Injection
CVSS 6.5
CVE-2018-1002104 MEDIUM
Kubernetes Ingress Default Backend < 1.5 - Info Disclosure
CVSS 5.3
CVE-2018-12207 MEDIUM
Intel Core i3 Firmware - Authenticated Denial of Service via Page Table Update Invalidation
CVSS 6.5
CVE-2018-21020 HIGH
Centreon Web < 2.8.27 - Authentication Bypass via PHP Type Juggling
CVSS 7.5
CVE-2018-10105 CRITICAL
tcpdump < 4.9.3 - Improper Input Validation in SMB Data Printing
CVSS 9.8
CVE-2018-10103 CRITICAL
tcpdump < 4.9.3 - Improper Input Validation in SMB Data Printing
CVSS 9.8
CVE-2018-11782 MEDIUM
Apache Subversion <= 1.9.10, 1.10.4, 1.12.0 - Denial of Service via Read-Only Request
CVSS 6.5
CVE-2018-7081 CRITICAL
ArubaOS < 6.4.4.21 - Remote Code Execution via PAPI Protocol
CVSS 9.8
CVE-2018-20985 CRITICAL
wp-payeezy-pay < 2.98 - Local File Inclusion via pay.php, donate.php, donate-rec, and pay-rec
CVSS 9.8
CVE-2018-20981 CRITICAL
Ninja Forms < 3.3.9 - Unauthenticated Sensitive Data Exposure via Export Personal Data Request
CVSS 9.1
CVE-2018-20980 HIGH
Ninja Forms < 3.2.15 - Parameter Tampering
CVSS 7.5
CVE-2018-20973 CRITICAL
companion_auto_update < 3.2.1 - Local File Inclusion
CVSS 9.8
CVE-2018-14671 CRITICAL
ClickHouse < 18.10.3 - Remote Code Execution via unixODBC Shared Object Loading
CVSS 9.8
CVE-2018-20917 MEDIUM
cPanel < 70.0.23 - Unauthenticated Solr Disabling via Improper Input Validation
CVSS 5.5
CVE-2018-20912 MEDIUM
cPanel < 70.0.23 - Authenticated Remote Code Execution via awstats
CVSS 6.3
CVE-2018-20897 LOW
cPanel 61.9999.55-71.9980.37 - Arbitrary File Unlink via cPAddons Moderation System
CVSS 2.8
CVE-2018-20895 HIGH
cPanel 67.9999.64-71.9980.37 - Improper Input Validation
CVSS 7.2
CVE-2018-20893 LOW
cPanel < 70.0.53 - Unauthenticated File Rename during Account Rename
CVSS 2.3
CVE-2018-20891 MEDIUM
cPanel 69.9999.122-70.0.53 - Arbitrary File Read during File Restoration
CVSS 5.5
CVE-2018-10899 HIGH
Jolokia 1.2-1.6.0 - Cross-Site Request Forgery
CVSS 8.1