CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,597 vulnerabilities with CWE-20
CVE-2018-15122 HIGH
Progress Telerik <2018.1.323.2-2018.2.605.0 - Code Injection
CVSS 7.8
CVE-2018-10140 MEDIUM
Palo Alto Networks PAN-OS <8.1.2 - DoS
CVSS 4.3
CVE-2018-0419 HIGH
Cisco Email Security Appliance - Unauthenticated File Filtering Bypass via EXE Attachment Detection
CVSS 7.5
CVE-2018-0418 HIGH
Cisco IOS XR < 6.3.3_base - Unauthenticated Denial of Service via Malformed PTP Traffic
CVSS 8.6
CVE-2018-0409 HIGH
Cisco TelePresence VCS & UC Manager IM&P DoS via Malicious IPv4/IPv6 Packet
CVSS 7.5
CVE-2018-8414 HIGH KEV
Windows 10 1703, 1709, 1803 and Windows Server 1709, 1803 - Remote Code Execution via Improper File Path Validation
CVSS 8.8
CVE-2018-8412 HIGH
Microsoft Office - Privilege Escalation
CVSS 7.8
CVE-2018-8339 HIGH
Windows Installer - Privilege Escalation
CVSS 7.0
CVE-2018-8316 HIGH
Internet Explorer 10 and 11 - Remote Code Execution via Hyperlink Validation Bypass
CVSS 7.5
CVE-2018-12537 MEDIUM
Eclipse Vert.x <3.5.1 - Code Injection
CVSS 5.3
CVE-2018-3776 MEDIUM
Nextcloud Server 11.0.0-11.0.5 - Audit Log Bypass via Input Validation Issue
CVSS 5.3
CVE-2018-15185 MEDIUM
PHP Scripts Mall Naukri/Jobsite Clone Script 3.0.4 - DoS
CVSS 6.5
CVE-2018-10908 MEDIUM
ovirt vdsm < 4.20.37 - Denial of Service via Unbounded Resource Consumption in qemu-img
CVSS 6.5
CVE-2018-7059 HIGH
Aruba ClearPass < 6.6.9 - Authenticated Privilege Escalation via Cluster API
CVSS 8.8
CVE-2018-13877 HIGH
MegaCryptoPolis - Denial of Service via doPayouts Function
CVSS 7.5
CVE-2018-9866 CRITICAL
SonicWall Global Management System < 8.1 - Remote Code Execution via XML-RPC Parameter Injection
CVSS 9.8
CVE-2018-3777 CRITICAL
restforce < 3.0.0 - Parameter Injection via Insufficient URI Encoding
CVSS 9.8
CVE-2018-14923 HIGH
Uniview EZPlayer 1.0.6 - Remote Code Execution via Video Playback
CVSS 7.8
CVE-2018-14774 HIGH
Symfony <4.1.3 - Host Header Injection
CVSS 7.2
CVE-2018-14872 HIGH
Rincewind 0.1 - Unauthenticated Reinstallation via Index.php Parameter
CVSS 7.5
CVE-2018-10922 HIGH
ttembed - Denial of Service via Crafted Input File
CVSS 7.5
CVE-2018-10921 MEDIUM
ttembed - Integer Overflow in Input File Processing
CVSS 4.3
CVE-2018-12448 MEDIUM
Whale Browser <1.3.48.4 - Info Disclosure
CVSS 5.3
CVE-2018-10920 MEDIUM
Knot Resolver < 2.4.1 - Cache Poisoning via Improper Input Validation
CVSS 6.8
CVE-2018-3650 HIGH
Intel Distribution for Python < 2018 Update 2 - URI Sanitization Bypass via Bleach Module
CVSS 7.8