CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,597 vulnerabilities with CWE-20
CVE-2018-10916 MEDIUM
lftp <= 4.8.3 - Unauthenticated Arbitrary File Deletion via Reverse Mirroring
CVSS 5.3
CVE-2018-1999037 MEDIUM
Jenkins Resource Disposer Plugin <0.11 - Info Disclosure
CVSS 4.3
CVE-2018-14775 MEDIUM
OpenBSD 6.2-6.3 - Local Denial of Service via I/O Port Access Control
CVSS 5.5
CVE-2018-14281 HIGH
Foxit Reader and PhantomPDF < 9.1.0.5096 - Arbitrary File Write via exportData XFA Function
CVSS 8.8
CVE-2018-14280 HIGH
Foxit Reader and PhantomPDF < 9.1.0.5096 - Arbitrary File Write via XFA exportAsFDF Function
CVSS 8.8
CVE-2018-7934 MEDIUM
Huawei mobile phone <BLA-L29 8.0.0.145(C432) - DoS
CVSS 5.5
CVE-2018-14581 HIGH
Redgate .NET Reflector < 10.0.7.774 and SmartAssembly < 6.12.5 - Remote Code Execution via Embedded Resource File
CVSS 7.8
CVE-2018-12941 HIGH
SeedDMS < 5.1.8 - Authenticated Remote Code Execution via Cache Directory Path Manipulation
CVSS 8.8
CVE-2018-14767 CRITICAL
Kamailio <5.0.7, <5.1.4 - DoS/Code Injection
CVSS 9.8
CVE-2018-3772 CRITICAL
whereis < 0.4.1 - OS Command Injection via Unsanitized Input Concatenation
CVSS 9.8
CVE-2018-9066 HIGH
Lenovo xClarity Administrator < 2.1.0 - Authenticated Command Injection via Web API Parameter
CVSS 8.8
CVE-2018-10903 HIGH
python-cryptography 1.9.0-2.2 - GCM Tag Forgery via Insufficient Tag Length Validation
CVSS 7.5
CVE-2018-14680 MEDIUM
libmspack <0.7alpha - Info Disclosure
CVSS 6.5
CVE-2018-5542 HIGH
F5 BIG-IP <13.0.1 - Info Disclosure
CVSS 8.1
CVE-2018-5537 MEDIUM
F5 BIG-IP 11.2.1-11.5.6, 12.1.0-12.1.3.5, 13.0.0-13.1.0.5 - Denial of Service via HTML Profile Processing
CVSS 5.3
CVE-2018-5531 HIGH
F5 BIG-IP DoS via Adjacent Network Attack
CVSS 7.4
CVE-2018-11044 MEDIUM
Pivotal Application Service 1.12.x-2.2.x - Authenticated Invitation Email Injection
CVSS 6.5
CVE-2018-11452 HIGH
Siemens EN100 Ethernet Module Firmware - Denial of Service via Crafted Packets to Port 102/tcp
CVSS 7.5
CVE-2018-11451 HIGH
Siemens EN100 Ethernet Module Firmware - Denial of Service via Crafted Packets to Port 102/tcp
CVSS 7.5
CVE-2018-1999018 MEDIUM
Pydio < 8.2.1 - Remote Code Execution via Antivirus Plugin Command Injection
CVSS 6.6
CVE-2018-1503 MEDIUM
IBM WebSphere MQ 7.5.0.0-7.5.0.7 - Authenticated Denial of Service via Malformed Headers
CVSS 4.3
CVE-2018-14505 HIGH
mitmproxy < 4.0.4 - DNS Rebinding via mitmweb
CVSS 8.8
CVE-2018-14438 HIGH
Wireshark <2.6.2 - Privilege Escalation
CVSS 7.5
CVE-2018-10870 CRITICAL
redhat-certification - Path Traversal and Arbitrary File Write in rhcertStore.py:__saveResultsFile
CVSS 9.8
CVE-2018-14336 HIGH
TP-Link WR840N - Denial of Service via Random MAC Address Packets
CVSS 7.5