CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,597 vulnerabilities with CWE-20
CVE-2018-12565 HIGH
Linaro LAVA < 2018.5.post1 - Remote Code Execution via YAML Deserialization
CVSS 8.8
CVE-2018-12564 MEDIUM
Linaro LAVA <2018.5.post1 - Info Disclosure
CVSS 6.5
CVE-2018-12563 MEDIUM
Linaro LAVA <2018.5.post1 - Info Disclosure
CVSS 6.5
CVE-2018-12562 CRITICAL
Cantata < 2.3.1 - OS Command Injection via Wildcard Expansion in mount.cifs.wrapper
CVSS 9.8
CVE-2018-12561 HIGH
Cantata < 2.3.1 - Unauthenticated Mount Option Injection via Samba URL Domain Parameter
CVSS 8.8
CVE-2018-9025 HIGH
Broadcom Privileged Access Manager 2.x < 3.0.0 - Log Poisoning via Crafted Input
CVSS 7.5
CVE-2018-9023 HIGH
Broadcom Privileged Access Manager 2.x < 3.0.0 - Authenticated Remote Code Execution via update_crld Script
CVSS 8.8
CVE-2018-1060 HIGH
Python < 2.7.15 - Denial of Service via Catastrophic Backtracking in pop3lib apop()
CVSS 7.5
CVE-2018-5753 MEDIUM
Open-Xchange OX App Suite <7.6.3-7.8.4 - Info Disclosure
CVSS 6.5
CVE-2018-11222 HIGH
Artica Pandora FMS <= 7.23 - Local File Inclusion via AJAX Endpoint
CVSS 7.5
CVE-2018-12492 HIGH
PHPOK 4.9.032 - Arbitrary File Deletion via delfile_f Function
CVSS 7.5
CVE-2018-12459 MEDIUM
FFmpeg - Denial of Service via Crafted AVI File in MPEG4 Conversion
CVSS 6.5
CVE-2018-12458 MEDIUM
FFmpeg 2.8 and 4.0 - Denial of Service via Crafted AVI to MPEG4 Conversion
CVSS 6.5
CVE-2018-11574 CRITICAL
Point-to-point Protocol < 2.4.9 - Integer Overflow
CVSS 9.8
CVE-2018-4833 HIGH
Siemens Rfid 181-eip Firmware < 5.2.3 - Heap Buffer Overflow
CVSS 8.8
CVE-2018-8244 MEDIUM
Microsoft Outlook - Privilege Escalation
CVSS 6.5
CVE-2018-8218 HIGH
Windows 10 and Windows Server 2016 - Denial of Service via Hyper-V Network Switch Input Validation
CVSS 7.7
CVE-2018-5488 CRITICAL
NetApp SANtricity - Unauthenticated RCE
CVSS 9.8
CVE-2018-10363 HIGH
WpDevArt Booking calendar <2.2.2 - Info Disclosure
CVSS 7.5
CVE-2018-7162 HIGH
Node.js 9.0.0-9.11.1 - Denial of Service via TLS Handshake Message Tampering
CVSS 7.5
CVE-2018-7161 HIGH
Node.js 8.0.0-8.8.0, 8.9.0-8.11.2, 10.x - Denial of Service via HTTP/2 Cleanup Bug
CVSS 7.5
CVE-2018-3582 HIGH
Android - Buffer Overflow in WMA Event Handler Functions
CVSS 7.8
CVE-2018-5803 MEDIUM
Linux Kernel < 4.15.8 DoS via SCTP Packet Length Handling
CVSS 5.5
CVE-2018-2424 CRITICAL
SAP UI5 - Cross-Site Scripting via DOM Injection
CVSS 9.8
CVE-2018-1103 MEDIUM
Openshift Enterprise <1.1.10 - Code Injection
CVSS 6.1