CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,597 vulnerabilities with CWE-20
CVE-2018-0032 HIGH
Junos OS 16.1X65 < D47, 17.2X75 < D91/D110, 17.3 < R1-S4/R2, 17.4 < R1-S3/R2 - Denial of Service via Crafted BGP UPDATE
CVSS 7.5
CVE-2018-0027 HIGH
Juniper Junos OS 16.1 - Denial of Service via Crafted RSVP PATH Message
CVSS 7.5
CVE-2018-8007 HIGH
Apache CouchDB - Privilege Escalation
CVSS 7.2
CVE-2018-8311 HIGH
Skype for Business and Microsoft Lync - Crafted Content Remote Code Execution
CVSS 8.8
CVE-2018-8300 HIGH
Microsoft SharePoint Enterprise Server - Remote Code Execution via Application Package Source Markup
CVSS 8.8
CVE-2018-8260 HIGH
.NET Framework 4.7.2 - Remote Code Execution via Improper Source Markup Validation
CVSS 8.8
CVE-2018-8232 HIGH
Microsoft Macro Assembler - Code Injection
CVSS 7.8
CVE-2018-2439 MEDIUM
SAP Internet Graphics Server 7.20, 7.20EXT, 7.45, 7.49, 7.53 - Denial of Service via Malformed Data Packet
CVSS 5.9
CVE-2018-10891 HIGH
Moodle 3.1-3.1.12, 3.5.0 - Stored Cross-Site Scripting in Quiz Question Bank Import
CVSS 7.3
CVE-2018-10943 HIGH
Barco ClickShare CSE-200 and CS-100 Firmware < 1.6.0.3 - Denial of Service via TCP Port 7100
CVSS 7.5
CVE-2018-10888 MEDIUM
libgit2 < 0.27.3 - Out-of-bounds Read in Binary Delta File Handling
CVSS 6.5
CVE-2018-13389 MEDIUM
Atlassian Confluence < 6.6.1 - Web Content Spoofing via RDF+XML Attachment
CVSS 4.7
CVE-2018-13795 HIGH
Gravity < 0.5.1 - Denial of Service via Unbounded Recursion Depth
CVSS 7.5
CVE-2018-1000617 HIGH
Atlassian Floodlight Controller < 1.2 - DoS
CVSS 7.5
CVE-2018-3597 HIGH
Android - Arbitrary Kernel Write via ADSP RPC Driver
CVSS 7.8
CVE-2018-13348 HIGH
Mercurial < 4.6.1 - Denial of Service via mpatch_decode Function
CVSS 7.5
CVE-2018-13346 HIGH
Mercurial < 4.6.1 - Denial of Service via mpatch_apply Fragment Start Validation
CVSS 7.5
CVE-2018-8038 HIGH
Apache CXF Fediz < 1.4.4 - Info Disclosure
CVSS 7.5
CVE-2018-10885 MEDIUM
OpenShift < 3.10.9 - Denial of Service via Malicious Network-Policy Configuration
CVSS 6.5
CVE-2018-9242 MEDIUM
PAN-OS < 6.1.20 - Arbitrary File Deletion via Management Web Interface
CVSS 5.5
CVE-2018-3753 CRITICAL
merge-object < 1.0.0 - Prototype Pollution via Utilities Function
CVSS 9.8
CVE-2018-3752 CRITICAL
merge-options <= 1.0.0 - Prototype Pollution via Utilities Function
CVSS 9.8
CVE-2018-3751 CRITICAL
merge-recursive <= 0.3.0 - Prototype Pollution via Utilities Function
CVSS 9.8
CVE-2018-3750 CRITICAL
deep-extend < 0.5.0 - Prototype Pollution via Utilities Function
CVSS 9.8
CVE-2018-3749 CRITICAL
deap < 1.0.1 - Prototype Pollution via Utilities Function
CVSS 9.8