CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,596 vulnerabilities with CWE-20
CVE-2018-20614 HIGH
CIM 0.9.3 - Unauthenticated Application Reload via Install Endpoint
CVSS 7.5
CVE-2018-14988 HIGH
MXQ TV Box Firmware 4.4.2 - Denial of Service via SystemRestoreReceiver Broadcast
CVSS 7.5
CVE-2018-20575 HIGH
Orange ARV7519RW22 Livebox 2.1 Firmware - Improper Input Validation in Firmware Update Mechanism
CVSS 7.5
CVE-2018-5203 CRITICAL
DEXTUploadX5 1.0.0.0-2.2.0.0 - Remote Code Execution via ActiveX Method Argument Manipulation
CVSS 9.8
CVE-2018-20551 MEDIUM
Poppler 0.72.0 - Denial of Service via Invalid Rich Media Annotation
CVSS 6.5
CVE-2018-20539 MEDIUM
liblas 1.8.1 - Denial of Service via SpatialReference GetGTIF Function
CVSS 6.5
CVE-2018-20519 HIGH
74cms v4.2.111 - Authenticated Arbitrary Resume Read and Modify via Personal Basic Info Update
CVSS 8.1
CVE-2018-20404 HIGH
VIA Technologies EPIA-E900 Firmware - Denial of Service via ETK_E900.sys IOCTL 0x9C402048
CVSS 7.5
CVE-2018-19869 MEDIUM
Qt < 5.11.3 - Denial of Service via Malformed SVG Image
CVSS 6.5
CVE-2018-7832 HIGH
Pro-Face GP-Pro EX <4.08 - Code Injection
CVSS 8.8
CVE-2018-20424 MEDIUM
DiscuzX 3.4 - Unauthenticated Data Deletion via WeChat Unbind Request
CVSS 5.9
CVE-2018-19005 HIGH
Cscape <= 9.80.75.3 SP3 - Remote Code Execution via Crafted POC File
CVSS 7.8
CVE-2018-1000883 MEDIUM
Elixir Plug Plug <1.3.5 - Header Injection
CVSS 6.5
CVE-2018-15330 HIGH
BIG-IP <14.0.0.2, 13.1.1.1, 12.1.3.7 - DoS
CVSS 7.5
CVE-2018-1000873 MEDIUM
jackson-modules-java8 < 2.9.8 - Denial of Service via Large Nanoseconds Field in Time Value
CVSS 6.5
CVE-2018-1000849 HIGH
Alpine Linux <2.6.10, 2.7.6, 2.10.1 - Remote Code Execution
CVSS 8.8
CVE-2018-1000815 MEDIUM
Brave <0.24.0 - Script Execution Despite Blocked Setting
CVSS 4.3
CVE-2018-5199 HIGH
wizvera Veraport G3 - Unauthenticated Arbitrary File Write via Insufficient Domain Validation
CVSS 8.8
CVE-2018-20301 MEDIUM
Steve Pallen Coherence <0.5.2 - Mass Assignment
CVSS 6.5
CVE-2018-11799 MEDIUM
Apache Oozie <5.0.0 - Privilege Escalation
CVSS 6.5
CVE-2018-18999 HIGH
Advantech WebAccess/SCADA - Stack-Based Buffer Overflow via Improper Input Validation
CVSS 7.3
CVE-2018-17194 HIGH
Apache NiFi 1.0.0-1.7.1 - Denial of Service via DELETE Request Content-Length Handling
CVSS 7.5
CVE-2018-19522 MEDIUM
DriverAgent 2.2015.7.14 - Memory Corruption
CVSS 5.5
CVE-2018-20189 MEDIUM
GraphicsMagick 1.3.31 - Denial of Service via Crafted DIB File
CVSS 6.5
CVE-2018-19936 MEDIUM
PrinterOn Enterprise 4.1.4 - Info Disclosure
CVSS 6.5
Details
Vulnerabilities 12,596
Exploit Likelihood High