The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,596 vulnerabilities with CWE-20
CVE-2018-20893
LOW
cPanel < 70.0.53 - Unauthenticated File Rename during Account Rename
CVSS 2.3
CVE-2018-20891
MEDIUM
cPanel 69.9999.122-70.0.53 - Arbitrary File Read during File Restoration
CVSS 5.5
CVE-2018-10899
HIGH
Jolokia 1.2-1.6.0 - Cross-Site Request Forgery
CVSS 8.1
CVE-2018-20883
MEDIUM
cPanel < 74.0.8 - Unauthenticated FTP Access During Account Suspension
CVSS 6.5
CVE-2018-20882
MEDIUM
cPanel 69.9999.122-70.0.57 - Arbitrary File Write via WHM Force Password Change
CVSS 6.8
CVE-2018-20879
MEDIUM
cPanel < 74.0.8 - Authenticated Remote Code Execution via Fileman::viewfile API
CVSS 6.3
CVE-2018-20873
LOW
cPanel 69.9999.122-70.0.57 - Local ClamAV Daemon Disabling via Improper Input Validation
CVSS 3.3
CVE-2018-20861
MEDIUM
libopenmpt < 0.3.11 - Denial of Service via Malformed Custom Tunings in MPTM Files
CVSS 6.5
CVE-2018-20860
MEDIUM
libopenmpt < 0.3.13 - Denial of Service via Malformed MED Files
CVSS 6.5
CVE-2018-20869
HIGH
cPanel < 76.0.8 - Remote Code Execution via DNSSEC Adminbin
CVSS 7.8
CVE-2018-20864
MEDIUM
cPanel < 76.0.8 - Persistent Virtual FTP Accounts After Domain Removal
CVSS 6.5
CVE-2018-20863
CRITICAL
cPanel < 76.0.8 - Remote Code Execution via Mailing-List Attachments
CVSS 9.8
CVE-2018-11773
CRITICAL
Apache Virtual Computing Lab 2.1-2.5 - Improper Input Validation via Block Allocation Form
CVSS 9.8
CVE-2018-20857
HIGH
Zendesk Samlr < 2.6.2 - XML External Entity Injection via Comment Node
CVSS 7.5
CVE-2018-19629
HIGH
Hyland Perceptive Content Server <7.1.5 - DoS
CVSS 7.5
CVE-2018-20852
MEDIUM
Python 2.0-2.7.16 - Cookie Domain Validation Bypass in http.cookiejar.DefaultPolicy
CVSS 5.3
CVE-2018-19580
MEDIUM
GitLab <11.5.1-11.3.11 - Info Disclosure
CVSS 5.3
CVE-2018-10531
HIGH
America's Army Proving Grounds - DoS
CVSS 7.5
CVE-2018-15738
MEDIUM
STOPzilla AntiMalware 6.5.2.59 - Arbitrary Write via IOCtl 0x8000205F
CVSS 5.5
CVE-2018-14733
HIGH
Odoo 8.x-11.x - Regular Expression Denial of Service in dbfilter_from_header Module
CVSS 7.5
CVE-2018-11686
CRITICAL
FlexPaper < 2.3.6 - Remote Code Execution via Publish Service
CVSS 9.8
CVE-2018-20813
CRITICAL
Pulse Secure Pulse Connect Secure < 8.3R2 - Improper Input Validation in login_meeting.cgi
CVSS 9.8
CVE-2018-20809
HIGH
Pulse Connect Secure < 8.3R5 and Pulse Policy Secure < 5.4R5 - Denial of Service
CVSS 7.5
CVE-2018-14887
MEDIUM
Odoo Community/Enterprise <= 11.0 - DoS & Database Name Disclosure via Host Header Injection
CVSS 6.5
CVE-2018-6176
HIGH
Google Chrome <68.0.3440.75 - Privilege Escalation
CVSS 7.8
Details
Vulnerabilities: 12,596
Exploit Likelihood: High