The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,597 vulnerabilities with CWE-20
CVE-2018-10923
HIGH
glusterfs 3.12.0-3.12.13 - Authenticated Arbitrary Device File Creation via mknod
CVSS 8.1
CVE-2018-0664
CRITICAL
NoMachine < 5.0.63 - Environment Variable Manipulation
CVSS 9.8
CVE-2018-16238
HIGH
damicms 6.0.1 - Remote Code Execution via Tpl Update Endpoint
CVSS 7.2
CVE-2018-16231
HIGH
Michael-roth-software Pftp < 8.4f - Improper Input Validation
CVSS 7.5
CVE-2018-14619
HIGH
Linux kernel <4.15-rc4 - Privilege Escalation
CVSS 7.8
CVE-2018-11615
HIGH
npm mosca < 2.8.2 - Unauthenticated Denial of Service via Crafted Topic Regular Expression
CVSS 7.5
CVE-2018-8022
HIGH
Apache Traffic Server <6.2.2 - Use After Free
CVSS 7.5
CVE-2018-1318
HIGH
Apache Traffic Server 6.0.0-6.2.2 and 7.0.0-7.1.3 - Denial of Service via Method ACLs in remap.config
CVSS 7.5
CVE-2018-12807
MEDIUM
Adobe Experience Manager <6.5 - Info Disclosure
CVSS 5.3
CVE-2018-15888
CRITICAL
ASPCMS 2.5.6 - Unauthenticated Privilege Escalation via GroupID Manipulation
CVSS 9.8
CVE-2018-15885
HIGH
Ovation FindMe 1.4-1083-1 - Improper Input Validation
CVSS 7.5
CVE-2018-15876
MEDIUM
ajax-bootmodal-login 1.4.3 - CAPTCHA Bypass via Session Reuse
CVSS 5.3
CVE-2018-14598
HIGH
libX11 < 1.6.5 - Denial of Service via XListExtensions Overflow
CVSS 7.5
CVE-2018-14799
LOW
Philips PageWriter - Buffer Overflow
CVSS 3.7
CVE-2018-10858
MEDIUM
Debian Linux < 4.6.16 - Memory Corruption
CVSS 4.3
CVE-2018-1140
MEDIUM
Samba 4.8.0-4.8.3 - Denial of Service via LDAP Input Sanitization Flaw
CVSS 6.5
CVE-2018-1139
HIGH
Samba <4.7.9, 4.8.4 - Info Disclosure
CVSS 8.1
CVE-2018-1599
MEDIUM
IBM API Connect 5.0.0.0-5.0.8.3 - Clickjacking via Malicious Website
CVSS 5.4
CVE-2018-15670
MEDIUM
Bloop Airmail 3 3.5.9 - OpenURL Validation Bypass via Event Handler
CVSS 4.3
CVE-2018-15601
CRITICAL
Elefantcms < 2.0.4 - Improper Input Validation
CVSS 9.8
CVE-2018-1517
MEDIUM
IBM SDK Java Technology Edition 6.0, 7.0, 8.0 - Denial of Service via Crafted String Data
CVSS 5.9
CVE-2018-1000656
HIGH
Pallets Project flask <0.12.3 - Info Disclosure
CVSS 7.5
CVE-2018-1000647
HIGH
LibreHealthIO lh-ehr <REL-2.0.0 - Privilege Escalation
CVSS 7.1
CVE-2018-15358
HIGH
Eltex ESP-200 <1.2.0 - Privilege Escalation
CVSS 8.8
CVE-2018-10873
HIGH
SPICE < 0.14.1 - Memory Corruption via Demarshalling Message Bounds Check Bypass
CVSS 8.3
Details
Vulnerabilities: 12,597
Exploit Likelihood: High