CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,596 vulnerabilities with CWE-20
CVE-2018-6161 HIGH
Google Chrome < 68.0.3440.75 - Same Origin Policy Bypass via Crafted HTML Page
CVSS 8.8
CVE-2018-6138 HIGH
Google Chrome <67.0.3396.62 - Privilege Escalation
CVSS 8.1
CVE-2018-6121 HIGH
Google Chrome <66.0.3359.170 - Privilege Escalation
CVSS 8.8
CVE-2018-17460 MEDIUM
Google Chrome <68.0.3440.75 - Info Disclosure
CVSS 6.5
CVE-2018-16064 MEDIUM
Chrome < 68.0.3440.75 - Navigation Restriction Bypass via Malicious Extension
CVSS 6.5
CVE-2018-20846 MEDIUM
OpenJPEG < 2.3.0 - Denial of Service via Out-of-Bounds Access in pi.c Functions
CVSS 6.5
CVE-2018-15735 MEDIUM
STOPzilla AntiMalware 6.5.2.59 - Arbitrary Write via IOCtl 0x8000206F
CVSS 5.5
CVE-2018-15734 MEDIUM
STOPzilla AntiMalware 6.5.2.59 - Arbitrary Write via szkg64.sys IOCtl 0x8000206B
CVSS 5.5
CVE-2018-15732 MEDIUM
STOPzilla AntiMalware 6.5.2.59 - Arbitrary Write via szkg64.sys IOCtl 0x80002063
CVSS 5.5
CVE-2018-15731 MEDIUM
STOPzilla AntiMalware 6.5.2.59 - Denial of Service via IOCtl 0x8000205B
CVSS 5.5
CVE-2018-15730 MEDIUM
STOPzilla AntiMalware 6.5.2.59 - Denial of Service via IOCtl 0x80002067
CVSS 5.5
CVE-2018-15729 MEDIUM
STOPzilla AntiMalware 6.5.2.59 - Denial of Service via szkg64.sys IOCtl 0x8000204B
CVSS 5.5
CVE-2018-15747 CRITICAL
glot-www < 2018-05-19 - Remote Code Execution via Python Files Content JSON
CVSS 9.8
CVE-2018-15737 MEDIUM
STOPzilla AntiMalware 6.5.2.59 - Denial of Service via IOCtl 0x80002043
CVSS 5.5
CVE-2018-15736 MEDIUM
STOPzilla AntiMalware 6.5.2.59 - Denial of Service via IOCtl 0x8000204F
CVSS 5.5
CVE-2018-18878 HIGH
Columbia Weather MicroServer Firmware MS_2.6.9900 - Denial of Service via BACnet Daemon Input Validation
CVSS 7.5
CVE-2018-20013 HIGH
UrBackup 2.2.6 - Denial of Service via Malformed Network Request
CVSS 7.5
CVE-2018-13906 CRITICAL
Snapdragon Auto- Snapdragon Compute - Timing Side Channel Analysis
CVSS 9.1
CVE-2018-10947 LOW
Polycom RealPresence Debut Firmware < 1.3.2 - Improper Input Validation
CVSS 3.1
CVE-2018-12147 MEDIUM
Intel <11.21.55 - Privilege Escalation
CVSS 6.7
CVE-2018-9839 MEDIUM
MantisBT < 1.3.14 and 2.0.0 - Authenticated Private Issue Data Exposure via Cloning
CVSS 6.5
CVE-2018-14729 HIGH
Discuz! 1.5-2.5 - Remote Code Execution via Database Backup Feature
CVSS 8.8
CVE-2018-12270 MEDIUM
Valve Steam <1528829181 BETA - CSRF
CVSS 5.4
CVE-2018-18558 MEDIUM
Espressif ESP-IDF 2.x-3.x < 3.0.6 - Arbitrary Code Execution via Bootloader Input Validation Bypass
CVSS 6.4
CVE-2018-6243 HIGH
Android - Arbitrary Code Execution via Widevine Trust Application Input Validation
CVSS 7.8
Details
Vulnerabilities 12,596
Exploit Likelihood High