The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,596 vulnerabilities with CWE-20
CVE-2018-16528
HIGH
Amazon Web Services FreeRTOS < 1.3.1 - Remote Code Execution via mbedTLS Context Corruption
CVSS 8.1
CVE-2018-9547
HIGH
Android 8.1-9 - Local Privilege Escalation via GraphicBuffer Unflatten Input Validation
CVSS 7.8
CVE-2018-1504
MEDIUM
IBM i2 Enterprise Insight Analysis 2.1.7 - Clickjacking via Malicious Website
CVSS 6.1
CVE-2018-19864
CRITICAL
NUUO NVRmini2 Firmware <= 3.9.1 - Remote Code Execution via Buffer Overflow
CVSS 9.8
CVE-2018-6115
MEDIUM
Google Chrome <66.0.3359.117 - CSRF
CVSS 6.5
CVE-2018-6102
MEDIUM
Google Chrome <66.0.3359.117 - XSS
CVSS 4.3
CVE-2018-6101
HIGH
Google Chrome <66.0.3359.117 - RCE
CVSS 7.5
CVE-2018-6089
MEDIUM
Google Chrome <66.0.3359.117 - Info Disclosure
CVSS 6.5
CVE-2018-6088
HIGH
Google Chrome < 66.0.3359.117 - Remote Code Execution via PDFium Iterator Invalidation
CVSS 8.8
CVE-2018-19591
HIGH
GNU C Library <2.29 - Info Disclosure
CVSS 7.5
CVE-2018-19791
MEDIUM
LiteSpeed OpenLiteSpeed <1.5.0 RC6 - DoS
CVSS 6.5
CVE-2018-19788
HIGH
PolicyKit <0.115 - Privilege Escalation
CVSS 8.8
CVE-2018-15715
CRITICAL
Zoom < 4.1.34814.1119 (Windows), < 4.1.34801.1116 (Mac), <= 2.4.129780.0915 (Linux) - Unauthenticated Message Spoofing
CVSS 9.8
CVE-2018-3948
HIGH
TP-Link TL-R600VPN Firmware - Denial of Service via URI Parsing
CVSS 7.5
CVE-2018-9072
MEDIUM
Lenovo XClarity Integrator < 5.5 - Authenticated Arbitrary File Read via File Download
CVSS 6.5
CVE-2018-19755
MEDIUM
Netwide Assembler (NASM) 2.14rc16 - DoS
CVSS 5.5
CVE-2018-19654
HIGH
Sales & Company Management System < 2018-06-06 - Unauthenticated Account Registration via Username Validation Bypass
CVSS 7.5
CVE-2018-12123
MEDIUM
Node.js <6.15.0, 8.14.0, 10.14.0, 11.3.0 - Info Disclosure
CVSS 4.3
CVE-2018-13361
MEDIUM
TerraMaster TOS 3.1.03 - User Enumeration via usertable.php modgroup Parameter
CVSS 5.3
CVE-2018-11266
HIGH
Android - Use-After-Free via Improper Input Validation in DCI Client
CVSS 7.8
CVE-2018-14663
MEDIUM
PowerDNS DNSDist < 1.3.3 - DNS Record Smuggling via Trailing Data
CVSS 5.9
CVE-2018-13315
CRITICAL
TOTOLINK A3002RU 1.0.8 - Unauthenticated Password Change via formPasswordSetup
CVSS 9.8
CVE-2018-19556
MEDIUM
Z-BlogPHP 1.5 - Content Spoofing via File Preview Mishandling
CVSS 4.3
CVE-2018-19531
CRITICAL
HTTL < 1.0.11 - Remote Code Execution via XMLDecoder Misconfiguration
CVSS 9.8
CVE-2018-19530
CRITICAL
HTTL < 1.0.11 - Remote Code Execution via XStream Deserialization in XML Decoder
CVSS 9.8
Details
Vulnerabilities: 12,596
Exploit Likelihood: High