CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,596 vulnerabilities with CWE-20
CVE-2018-6160 MEDIUM
Chrome < 68.0.3440.75 - URL Spoofing via JavaScript Alert in Prompts
CVSS 6.5
CVE-2018-6140 HIGH
Google Chrome < 67.0.3396.62 - Remote Code Execution via Malicious Chrome Extension
CVSS 8.8
CVE-2018-6139 HIGH
Google Chrome < 67.0.3396.62 - Arbitrary Code Execution via Malicious Extension
CVSS 8.8
CVE-2018-6114 MEDIUM
Google Chrome < 66.0.3359.117 - Content Security Policy Bypass via Object Tag
CVSS 6.5
CVE-2018-6113 MEDIUM
Google Chrome < 66.0.3359.117 - CSRF
CVSS 6.5
CVE-2018-6111 HIGH
Google Chrome < 66.0.3359.117 - Remote Code Execution via Developer Tools Network Handler
CVSS 8.8
CVE-2018-6110 MEDIUM
Google Chrome < 66.0.3359.117 - Remote Code Execution via HTML Parsing in Downloads
CVSS 5.4
CVE-2018-6096 MEDIUM
Chrome < 66.0.3359.117 - Fullscreen Notification Overlap via JavaScript Focused Window
CVSS 6.5
CVE-2018-6084 HIGH
Google Chrome < 66.0.3359.117 - Local Arbitrary Code Execution via Updater
CVSS 7.8
CVE-2018-20070 MEDIUM
Google Chrome < 71.0.3578.80 - URL Spoofing via Confusable Characters in URL Formatter
CVSS 6.5
CVE-2018-20068 MEDIUM
Google Chrome < 71.0.3578.80 - Info Disclosure
CVSS 4.3
CVE-2018-20065 HIGH
Google Chrome < 71.0.3578.80 - Unsafe Navigation via PDF URI Action
CVSS 8.8
CVE-2018-16088 MEDIUM
Google Chrome < 69.0.3497.81 - Unauthenticated Arbitrary File Download via Blink JS Event Simulation
CVSS 6.5
CVE-2018-16080 MEDIUM
Google Chrome < 69.0.3497.81 - Omnibox Spoofing via Popup Window Handling
CVSS 6.5
CVE-2018-16068 CRITICAL
Google Chrome < 69.0.3497.81 - Sandbox Escape via Mojo Validation Bypass
CVSS 9.6
CVE-2018-20662 MEDIUM
Poppler 0.72.0 - Denial of Service via Mishandled Xref Data Structure
CVSS 6.5
CVE-2018-19478 MEDIUM
Artifex Ghostscript < 9.26 - Info Disclosure
CVSS 5.5
CVE-2018-20658 HIGH
Core FTP 2.0 build 653 - Denial of Service via XRMD Command
CVSS 7.5
CVE-2018-5197 HIGH
Xplatform ActiveX < 9.2.2 - Command Injection
CVSS 7.8
CVE-2018-20650 MEDIUM
Poppler 0.72.0 - Denial of Service via FileSpec DictLookup Assertion
CVSS 6.5
CVE-2018-6333 CRITICAL
Nuclide < 0.290.0 - Cross-Site Scripting via hhvm-attach Deep Link Hostname Parameter
CVSS 9.8
CVE-2018-6347 HIGH
Proxygen < 2018.12.31.00 - Denial of Service via HTTP/2 Header/Trailer Parsing
CVSS 7.5
CVE-2018-6343 HIGH
Proxygen 2018.10.29.00-2018.11.19.00 - Denial of Service via Certificate/CertificateRequest HTTP2 Frame Parsing
CVSS 7.5
CVE-2018-6335 HIGH
HHVM < 3.21.10 - Denial of Service via Malformed HTTP/2 Frame
CVSS 7.5
CVE-2018-6334 CRITICAL
HHVM < 3.25.1-3.21.9 - Info Disclosure
CVSS 9.8