CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,597 vulnerabilities with CWE-20
CVE-2018-10923 HIGH
glusterfs 3.12.0-3.12.13 - Authenticated Arbitrary Device File Creation via mknod
CVSS 8.1
CVE-2018-0664 CRITICAL
NoMachine < 5.0.63 - Environment Variable Manipulation
CVSS 9.8
CVE-2018-16238 HIGH
damicms 6.0.1 - Remote Code Execution via Tpl Update Endpoint
CVSS 7.2
CVE-2018-16231 HIGH
Michael-roth-software Pftp < 8.4f - Improper Input Validation
CVSS 7.5
CVE-2018-14619 HIGH
Linux kernel <4.15-rc4 - Privilege Escalation
CVSS 7.8
CVE-2018-11615 HIGH
npm mosca < 2.8.2 - Unauthenticated Denial of Service via Crafted Topic Regular Expression
CVSS 7.5
CVE-2018-8022 HIGH
Apache Traffic Server <6.2.2 - Use After Free
CVSS 7.5
CVE-2018-1318 HIGH
Apache Traffic Server 6.0.0-6.2.2 and 7.0.0-7.1.3 - Denial of Service via Method ACLs in remap.config
CVSS 7.5
CVE-2018-12807 MEDIUM
Adobe Experience Manager <6.5 - Info Disclosure
CVSS 5.3
CVE-2018-15888 CRITICAL
ASPCMS 2.5.6 - Unauthenticated Privilege Escalation via GroupID Manipulation
CVSS 9.8
CVE-2018-15885 HIGH
Ovation FindMe 1.4-1083-1 - Improper Input Validation
CVSS 7.5
CVE-2018-15876 MEDIUM
ajax-bootmodal-login 1.4.3 - CAPTCHA Bypass via Session Reuse
CVSS 5.3
CVE-2018-14598 HIGH
libX11 < 1.6.5 - Denial of Service via XListExtensions Overflow
CVSS 7.5
CVE-2018-14799 LOW
Philips PageWriter - Buffer Overflow
CVSS 3.7
CVE-2018-10858 MEDIUM
Debian Linux < 4.6.16 - Memory Corruption
CVSS 4.3
CVE-2018-1140 MEDIUM
Samba 4.8.0-4.8.3 - Denial of Service via LDAP Input Sanitization Flaw
CVSS 6.5
CVE-2018-1139 HIGH
Samba <4.7.9, 4.8.4 - Info Disclosure
CVSS 8.1
CVE-2018-1599 MEDIUM
IBM API Connect 5.0.0.0-5.0.8.3 - Clickjacking via Malicious Website
CVSS 5.4
CVE-2018-15670 MEDIUM
Bloop Airmail 3 3.5.9 - OpenURL Validation Bypass via Event Handler
CVSS 4.3
CVE-2018-15601 CRITICAL
Elefantcms < 2.0.4 - Improper Input Validation
CVSS 9.8
CVE-2018-1517 MEDIUM
IBM SDK Java Technology Edition 6.0, 7.0, 8.0 - Denial of Service via Crafted String Data
CVSS 5.9
CVE-2018-1000656 HIGH
Pallets Project flask <0.12.3 - Info Disclosure
CVSS 7.5
CVE-2018-1000647 HIGH
LibreHealthIO lh-ehr <REL-2.0.0 - Privilege Escalation
CVSS 7.1
CVE-2018-15358 HIGH
Eltex ESP-200 <1.2.0 - Privilege Escalation
CVSS 8.8
CVE-2018-10873 HIGH
SPICE < 0.14.1 - Memory Corruption via Demarshalling Message Bounds Check Bypass
CVSS 8.3