The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,596 vulnerabilities with CWE-20
CVE-2018-6160
MEDIUM
Chrome < 68.0.3440.75 - URL Spoofing via JavaScript Alert in Prompts
CVSS 6.5
CVE-2018-6140
HIGH
Google Chrome < 67.0.3396.62 - Remote Code Execution via Malicious Chrome Extension
CVSS 8.8
CVE-2018-6139
HIGH
Google Chrome < 67.0.3396.62 - Arbitrary Code Execution via Malicious Extension
CVSS 8.8
CVE-2018-6114
MEDIUM
Google Chrome < 66.0.3359.117 - Content Security Policy Bypass via Object Tag
CVSS 6.5
CVE-2018-6113
MEDIUM
Google Chrome <66.0.3359.117 - CSRF
CVSS 6.5
CVE-2018-6111
HIGH
Google Chrome < 66.0.3359.117 - Remote Code Execution via Developer Tools Network Handler
CVSS 8.8
CVE-2018-6110
MEDIUM
Google Chrome < 66.0.3359.117 - Remote Code Execution via HTML Parsing in Downloads
CVSS 5.4
CVE-2018-6096
MEDIUM
Chrome < 66.0.3359.117 - Fullscreen Notification Overlap via JavaScript Focused Window
CVSS 6.5
CVE-2018-6084
HIGH
Google Chrome < 66.0.3359.117 - Local Arbitrary Code Execution via Updater
CVSS 7.8
CVE-2018-20070
MEDIUM
Google Chrome < 71.0.3578.80 - URL Spoofing via Confusable Characters in URL Formatter
CVSS 6.5
CVE-2018-20068
MEDIUM
Google Chrome <71.0.3578.80 - Info Disclosure
CVSS 4.3
CVE-2018-20065
HIGH
Google Chrome < 71.0.3578.80 - Unsafe Navigation via PDF URI Action
CVSS 8.8
CVE-2018-16088
MEDIUM
Google Chrome < 69.0.3497.81 - Unauthenticated Arbitrary File Download via Blink JS Event Simulation
CVSS 6.5
CVE-2018-16080
MEDIUM
Google Chrome < 69.0.3497.81 - Omnibox Spoofing via Popup Window Handling
CVSS 6.5
CVE-2018-16068
CRITICAL
Google Chrome < 69.0.3497.81 - Sandbox Escape via Mojo Validation Bypass
CVSS 9.6
CVE-2018-20662
MEDIUM
Poppler 0.72.0 - Denial of Service via Mishandled Xref Data Structure
CVSS 6.5
CVE-2018-19478
MEDIUM
Artifex Ghostscript <9.26 - Info Disclosure
CVSS 5.5
CVE-2018-20658
HIGH
Core FTP 2.0 build 653 - Denial of Service via XRMD Command
CVSS 7.5
CVE-2018-5197
HIGH
Xplatform ActiveX <9.2.2 - Command Injection
CVSS 7.8
CVE-2018-20650
MEDIUM
Poppler 0.72.0 - Denial of Service via FileSpec DictLookup Assertion
CVSS 6.5
CVE-2018-6333
CRITICAL
Nuclide < 0.290.0 - Cross-Site Scripting via hhvm-attach Deep Link Hostname Parameter
CVSS 9.8
CVE-2018-6347
HIGH
Proxygen < 2018.12.31.00 - Denial of Service via HTTP/2 Header/Trailer Parsing
CVSS 7.5
CVE-2018-6343
HIGH
Proxygen 2018.10.29.00-2018.11.19.00 - Denial of Service via Certificate/CertificateRequest HTTP2 Frame Parsing
CVSS 7.5
CVE-2018-6335
HIGH
HHVM < 3.21.10 - Denial of Service via Malformed HTTP/2 Frame
CVSS 7.5
CVE-2018-6334
CRITICAL
HHVM <3.25.1-3.21.9 - Info Disclosure
CVSS 9.8
Details
Vulnerabilities
12,596
Exploit Likelihood
High