CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,596 vulnerabilities with CWE-20
CVE-2018-16528 HIGH
Amazon Web Services FreeRTOS < 1.3.1 - Remote Code Execution via mbedTLS Context Corruption
CVSS 8.1
CVE-2018-9547 HIGH
Android 8.1-9 - Local Privilege Escalation via GraphicBuffer Unflatten Input Validation
CVSS 7.8
CVE-2018-1504 MEDIUM
IBM i2 Enterprise Insight Analysis 2.1.7 - Clickjacking via Malicious Website
CVSS 6.1
CVE-2018-19864 CRITICAL
NUUO NVRmini2 Firmware <= 3.9.1 - Remote Code Execution via Buffer Overflow
CVSS 9.8
CVE-2018-6115 MEDIUM
Google Chrome <66.0.3359.117 - CSRF
CVSS 6.5
CVE-2018-6102 MEDIUM
Google Chrome <66.0.3359.117 - XSS
CVSS 4.3
CVE-2018-6101 HIGH
Google Chrome <66.0.3359.117 - RCE
CVSS 7.5
CVE-2018-6089 MEDIUM
Google Chrome <66.0.3359.117 - Info Disclosure
CVSS 6.5
CVE-2018-6088 HIGH
Google Chrome < 66.0.3359.117 - Remote Code Execution via PDFium Iterator Invalidation
CVSS 8.8
CVE-2018-19591 HIGH
GNU C Library <2.29 - Info Disclosure
CVSS 7.5
CVE-2018-19791 MEDIUM
LiteSpeed OpenLiteSpeed <1.5.0 RC6 - DoS
CVSS 6.5
CVE-2018-19788 HIGH
PolicyKit <0.115 - Privilege Escalation
CVSS 8.8
CVE-2018-15715 CRITICAL
Zoom < 4.1.34814.1119 (Windows), < 4.1.34801.1116 (Mac), <= 2.4.129780.0915 (Linux) - Unauthenticated Message Spoofing
CVSS 9.8
CVE-2018-3948 HIGH
TP-Link TL-R600VPN Firmware - Denial of Service via URI Parsing
CVSS 7.5
CVE-2018-9072 MEDIUM
Lenovo XClarity Integrator < 5.5 - Authenticated Arbitrary File Read via File Download
CVSS 6.5
CVE-2018-19755 MEDIUM
Netwide Assembler (NASM) 2.14rc16 - DoS
CVSS 5.5
CVE-2018-19654 HIGH
Sales & Company Management System < 2018-06-06 - Unauthenticated Account Registration via Username Validation Bypass
CVSS 7.5
CVE-2018-12123 MEDIUM
Node.js <6.15.0, 8.14.0, 10.14.0, 11.3.0 - Info Disclosure
CVSS 4.3
CVE-2018-13361 MEDIUM
TerraMaster TOS 3.1.03 - User Enumeration via usertable.php modgroup Parameter
CVSS 5.3
CVE-2018-11266 HIGH
Android - Use-After-Free via Improper Input Validation in DCI Client
CVSS 7.8
CVE-2018-14663 MEDIUM
PowerDNS DNSDist < 1.3.3 - DNS Record Smuggling via Trailing Data
CVSS 5.9
CVE-2018-13315 CRITICAL
TOTOLINK A3002RU 1.0.8 - Unauthenticated Password Change via formPasswordSetup
CVSS 9.8
CVE-2018-19556 MEDIUM
Z-BlogPHP 1.5 - Content Spoofing via File Preview Mishandling
CVSS 4.3
CVE-2018-19531 CRITICAL
HTTL < 1.0.11 - Remote Code Execution via XMLDecoder Misconfiguration
CVSS 9.8
CVE-2018-19530 CRITICAL
HTTL < 1.0.11 - Remote Code Execution via XStream Deserialization in XML Decoder
CVSS 9.8