The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,597 vulnerabilities with CWE-20
CVE-2018-10916
MEDIUM
lftp <= 4.8.3 - Unauthenticated Arbitrary File Deletion via Reverse Mirroring
CVSS 5.3
CVE-2018-1999037
MEDIUM
Jenkins Resource Disposer Plugin <0.11 - Info Disclosure
CVSS 4.3
CVE-2018-14775
MEDIUM
OpenBSD 6.2-6.3 - Local Denial of Service via I/O Port Access Control
CVSS 5.5
CVE-2018-14281
HIGH
Foxit Reader and PhantomPDF < 9.1.0.5096 - Arbitrary File Write via exportData XFA Function
CVSS 8.8
CVE-2018-14280
HIGH
Foxit Reader and PhantomPDF < 9.1.0.5096 - Arbitrary File Write via XFA exportAsFDF Function
CVSS 8.8
CVE-2018-7934
MEDIUM
Huawei mobile phone <BLA-L29 8.0.0.145(C432) - DoS
CVSS 5.5
CVE-2018-14581
HIGH
Redgate .NET Reflector < 10.0.7.774 and SmartAssembly < 6.12.5 - Remote Code Execution via Embedded Resource File
CVSS 7.8
CVE-2018-12941
HIGH
SeedDMS < 5.1.8 - Authenticated Remote Code Execution via Cache Directory Path Manipulation
CVSS 8.8
CVE-2018-14767
CRITICAL
Kamailio <5.0.7, <5.1.4 - DoS/Code Injection
CVSS 9.8
CVE-2018-3772
CRITICAL
whereis < 0.4.1 - OS Command Injection via Unsanitized Input Concatenation
CVSS 9.8
CVE-2018-9066
HIGH
Lenovo xClarity Administrator < 2.1.0 - Authenticated Command Injection via Web API Parameter
CVSS 8.8
CVE-2018-10903
HIGH
python-cryptography 1.9.0-2.2 - GCM Tag Forgery via Insufficient Tag Length Validation
CVSS 7.5
CVE-2018-14680
MEDIUM
libmspack <0.7alpha - Info Disclosure
CVSS 6.5
CVE-2018-5542
HIGH
F5 BIG-IP <13.0.1 - Info Disclosure
CVSS 8.1
CVE-2018-5537
MEDIUM
F5 BIG-IP 11.2.1-11.5.6, 12.1.0-12.1.3.5, 13.0.0-13.1.0.5 - Denial of Service via HTML Profile Processing
CVSS 5.3
CVE-2018-5531
HIGH
F5 BIG-IP DoS via Adjacent Network Attack
CVSS 7.4
CVE-2018-11044
MEDIUM
Pivotal Application Service 1.12.x-2.2.x - Authenticated Invitation Email Injection
CVSS 6.5
CVE-2018-11452
HIGH
Siemens EN100 Ethernet Module Firmware - Denial of Service via Crafted Packets to Port 102/tcp
CVSS 7.5
CVE-2018-11451
HIGH
Siemens EN100 Ethernet Module Firmware - Denial of Service via Crafted Packets to Port 102/tcp
CVSS 7.5
CVE-2018-1999018
MEDIUM
Pydio < 8.2.1 - Remote Code Execution via Antivirus Plugin Command Injection
CVSS 6.6
CVE-2018-1503
MEDIUM
IBM WebSphere MQ 7.5.0.0-7.5.0.7 - Authenticated Denial of Service via Malformed Headers
CVSS 4.3
CVE-2018-14505
HIGH
mitmproxy < 4.0.4 - DNS Rebinding via mitmweb
CVSS 8.8
CVE-2018-14438
HIGH
Wireshark <2.6.2 - Privilege Escalation
CVSS 7.5
CVE-2018-10870
CRITICAL
redhat-certification - Path Traversal and Arbitrary File Write in rhcertStore.py:__saveResultsFile
CVSS 9.8
CVE-2018-14336
HIGH
TP-Link WR840N - Denial of Service via Random MAC Address Packets
CVSS 7.5
Details
Vulnerabilities: 12,597
Exploit Likelihood: High