CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,597 vulnerabilities with CWE-20
CVE-2018-12176 HIGH
Intel NUC Kits - Info Disclosure, Privilege Escalation, DoS
CVSS 8.2
CVE-2018-7923 HIGH
Huawei ALP-L09 <8.0.0.150(C432) - Code Injection
CVSS 7.8
CVE-2018-7922 HIGH
Huawei ALP-L09 <8.0.0.150(C432) - Code Injection
CVSS 7.8
CVE-2018-7906 MEDIUM
Huawei Leland-AL00/Leland-AL00A 8.0.0.* - DoS
CVSS 5.5
CVE-2018-6924 HIGH
FreeBSD Kernel Memory Disclosure and DoS via ELF Header Parsing
CVSS 7.1
CVE-2018-13807 HIGH
SCALANCE X300, X408 < 4.0.0, X414 - Unauthenticated Denial of Service via Crafted Packets to Web Interface
CVSS 8.6
CVE-2018-2465 HIGH
SAP HANA 1.0 and 2.0 - Denial of Service via OData Parser XML Validation Bypass
CVSS 7.5
CVE-2018-2462 HIGH
SAP NetWeaver BI 7.30-7.50 - XML External Entity Injection in BEx Web Java Runtime Export Web Service
CVSS 8.8
CVE-2018-10935 MEDIUM
389 Directory Server 1.3.0.0-1.3.8.7 - Denial of Service via LDAP Server-Side Sort
CVSS 6.5
CVE-2018-14635 MEDIUM
OpenStack Neutron <13.0.0.0b2, <12.0.3, <11.0.5 - DoS
CVSS 6.5
CVE-2018-14620 MEDIUM
OpenStack RabbitMQ Container - SSRF
CVSS 4.7
CVE-2018-16733 HIGH
Go Ethereum <1.8.14 - Info Disclosure
CVSS 7.5
CVE-2018-16454 HIGH
PHP Scripts Mall Currency Converter Script 2.0.5 - Denial of Service via Inverted Comma Input
CVSS 7.5
CVE-2018-15483 HIGH
KONE Group Controller Firmware < 4.6.5 - Denial of Service via HTTP Interface
CVSS 7.5
CVE-2018-0658 HIGH
EC-CUBE Payment Module < 2.3.17 - Authenticated Arbitrary PHP Code Execution
CVSS 7.2
CVE-2018-6320 CRITICAL
Pulse Secure Pulse Connect Secure and Pulse Policy Secure - Server-Side Request Forgery via Host Header
CVSS 9.8
CVE-2018-5391 HIGH
Linux Kernel >=3.9 <4.18 - Denial of Service via IP Fragment Reassembly
CVSS 7.5
CVE-2018-1000773 HIGH
WordPress < 4.9.8 - Authenticated Remote Code Execution via Thumbnail Processing
CVSS 8.8
CVE-2018-14624 HIGH
389-ds-base <1.3.7.10-1.4.0.16 - DoS
CVSS 7.5
CVE-2018-13259 CRITICAL
Canonical Ubuntu Linux < 5.6 - Improper Input Validation
CVSS 9.8
CVE-2018-0502 CRITICAL
Canonical Ubuntu Linux < 5.6 - Improper Input Validation
CVSS 9.8
CVE-2018-10930 MEDIUM
glusterfs >=3.12 <3.12.14 - Authenticated Arbitrary File Write via gfs3_rename_req RPC
CVSS 6.5
CVE-2018-10929 HIGH
Debian Linux < 3.12.14 - Improper Input Validation
CVSS 8.8
CVE-2018-10927 HIGH
Debian Linux < 3.12.14 - Information Disclosure
CVSS 8.1
CVE-2018-10926 HIGH
Red Hat Virtualization Host < 3.12.14 - Path Traversal
CVSS 8.8