CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,596 vulnerabilities with CWE-20
CVE-2018-20893 LOW
cPanel < 70.0.53 - Unauthenticated File Rename during Account Rename
CVSS 2.3
CVE-2018-20891 MEDIUM
cPanel 69.9999.122-70.0.53 - Arbitrary File Read during File Restoration
CVSS 5.5
CVE-2018-10899 HIGH
Jolokia 1.2-1.6.0 - Cross-Site Request Forgery
CVSS 8.1
CVE-2018-20883 MEDIUM
cPanel < 74.0.8 - Unauthenticated FTP Access During Account Suspension
CVSS 6.5
CVE-2018-20882 MEDIUM
cPanel 69.9999.122-70.0.57 - Arbitrary File Write via WHM Force Password Change
CVSS 6.8
CVE-2018-20879 MEDIUM
cPanel < 74.0.8 - Authenticated Remote Code Execution via Fileman::viewfile API
CVSS 6.3
CVE-2018-20873 LOW
cPanel 69.9999.122-70.0.57 - Local ClamAV Daemon Disabling via Improper Input Validation
CVSS 3.3
CVE-2018-20861 MEDIUM
libopenmpt < 0.3.11 - Denial of Service via Malformed Custom Tunings in MPTM Files
CVSS 6.5
CVE-2018-20860 MEDIUM
libopenmpt < 0.3.13 - Denial of Service via Malformed MED Files
CVSS 6.5
CVE-2018-20869 HIGH
cPanel < 76.0.8 - Remote Code Execution via DNSSEC Adminbin
CVSS 7.8
CVE-2018-20864 MEDIUM
cPanel < 76.0.8 - Persistent Virtual FTP Accounts After Domain Removal
CVSS 6.5
CVE-2018-20863 CRITICAL
cPanel < 76.0.8 - Remote Code Execution via Mailing-List Attachments
CVSS 9.8
CVE-2018-11773 CRITICAL
Apache Virtual Computing Lab 2.1-2.5 - Improper Input Validation via Block Allocation Form
CVSS 9.8
CVE-2018-20857 HIGH
Zendesk Samlr < 2.6.2 - XML External Entity Injection via Comment Node
CVSS 7.5
CVE-2018-19629 HIGH
Hyland Perceptive Content Server <7.1.5 - DoS
CVSS 7.5
CVE-2018-20852 MEDIUM
Python 2.0-2.7.16 - Cookie Domain Validation Bypass in http.cookiejar.DefaultPolicy
CVSS 5.3
CVE-2018-19580 MEDIUM
GitLab <11.5.1-11.3.11 - Info Disclosure
CVSS 5.3
CVE-2018-10531 HIGH
America's Army Proving Grounds - DoS
CVSS 7.5
CVE-2018-15738 MEDIUM
STOPzilla AntiMalware 6.5.2.59 - Arbitrary Write via IOCtl 0x8000205F
CVSS 5.5
CVE-2018-14733 HIGH
Odoo 8.x-11.x - Regular Expression Denial of Service in dbfilter_from_header Module
CVSS 7.5
CVE-2018-11686 CRITICAL
FlexPaper < 2.3.6 - Remote Code Execution via Publish Service
CVSS 9.8
CVE-2018-20813 CRITICAL
Pulse Secure Pulse Connect Secure < 8.3R2 - Improper Input Validation in login_meeting.cgi
CVSS 9.8
CVE-2018-20809 HIGH
Pulse Connect Secure < 8.3R5 and Pulse Policy Secure < 5.4R5 - Denial of Service
CVSS 7.5
CVE-2018-14887 MEDIUM
Odoo Community/Enterprise <= 11.0 - DoS & Database Name Disclosure via Host Header Injection
CVSS 6.5
CVE-2018-6176 HIGH
Google Chrome <68.0.3440.75 - Privilege Escalation
CVSS 7.8