CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,596 vulnerabilities with CWE-20
CVE-2018-20580 HIGH
SmartBear ReadyAPI 2.5.0-2.6.0 - Remote Code Execution via WSDL Import
CVSS 8.8
CVE-2018-2015 MEDIUM
IBM API Connect < 2018.4.1.4 - Improper Input Validation
CVSS 6.4
CVE-2018-20835 HIGH
tar-fs < 1.16.2 - Arbitrary File Overwrite via Hardlink and Plain File Extraction
CVSS 7.5
CVE-2018-15003 HIGH
Coolpad Defiant and T-Mobile Revvl Plus Firmware - Unauthenticated Factory Reset via UiccReceiver Broadcast Receiver
CVSS 7.5
CVE-2018-14994 HIGH
Essential Phone Android - Privilege Escalation
CVSS 7.5
CVE-2018-14991 CRITICAL
Coolpad Defiant, ZTE ZMAX Pro, and T-Mobile REVVL Plus - Pre-installed RCS App Arbitrary SMS Access
CVSS 9.8
CVE-2018-14990 HIGH
Coolpad Defiant, ZTE ZMAX Pro, T-Mobile Revvl Plus - RCE
CVSS 7.5
CVE-2018-14989 HIGH
Plum Compass Android - Privilege Escalation
CVSS 7.5
CVE-2018-14983 MEDIUM
Sony Xperia L1 Firmware - Unauthenticated Screenshot Capture and Notification Exposure via Broadcast Receiver
CVSS 5.5
CVE-2018-20823 HIGH
Xiaomi Mi 5s Firmware - Denial of Service via MEMS Ultrasound Attack
CVSS 7.5
CVE-2018-7577 HIGH
Google Snappy 1.1.4 - Memory Corruption via Memcpy Parameter Overlap
CVSS 8.1
CVE-2018-0248 MEDIUM
Cisco Wireless LAN Controller Software < 8.3.150.0 - Authenticated Denial of Service via GUI Configuration Input
CVSS 6.8
CVE-2018-4007 HIGH
Shimo VPN 4.1.5.1 - Privilege Escalation via DeleteConfig Functionality
CVSS 7.1
CVE-2018-4006 HIGH
Shimo VPN 4.1.5.1 - Privilege Escalation via writeConfig Functionality
CVSS 7.8
CVE-2018-4005 HIGH
Shimo VPN 4.1.5.1 - Privilege Escalation via configureRoutingWithCommand Function
CVSS 7.8
CVE-2018-4004 MEDIUM
Shimo VPN 4.1.5.1 - Privilege Escalation via DisconnectService Helper
CVSS 5.5
CVE-2018-16561 HIGH
SIMATIC S7-300 CPUs < V3.X.16 - Unauthenticated Denial of Service via S7 Communication Packet
CVSS 7.5
CVE-2018-16559 HIGH
SIMATIC S7-1500 CPU < V2.5 and <= V1.8.5 - Unauthenticated Denial of Service via Crafted Network Packets
CVSS 7.5
CVE-2018-16558 HIGH
SIMATIC S7-1500 CPU < 1.8.5 - Unauthenticated Denial of Service via Crafted Network Packets
CVSS 7.5
CVE-2018-20487 HIGH
Inteno IOPSYS 1.0-3.16 - Remote Code Execution via Firewall Include Path Injection
CVSS 8.8
CVE-2018-19300 CRITICAL
D-Link DAP-1530, DAP-1610, DWR-111, DWR-116, DWR-512, DWR-711, DWR-712, DWR-921 - RCE via EXCU_SHELL URI
CVSS 9.8
CVE-2018-11966 HIGH
Snapdragon Auto/Mobile/Compute/Wearables - Memory Corruption
CVSS 7.8
CVE-2018-11830 HIGH
Qualcomm MDM9206/9607/9650/9655, MSM8996AU, SD 410/12/820A Firmware - Integer Overflow
CVSS 7.8
CVE-2018-4462 MEDIUM
macOS < 10.14.2 - Improper Input Validation
CVSS 5.5
CVE-2018-4460 MEDIUM
iPhone OS < 12.1.1 - Denial of Service
CVSS 6.5