The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,597 vulnerabilities with CWE-20
CVE-2018-12565
HIGH
Linaro LAVA < 2018.5.post1 - Remote Code Execution via YAML Deserialization
CVSS 8.8
CVE-2018-12564
MEDIUM
Linaro LAVA <2018.5.post1 - Info Disclosure
CVSS 6.5
CVE-2018-12563
MEDIUM
Linaro LAVA <2018.5.post1 - Info Disclosure
CVSS 6.5
CVE-2018-12562
CRITICAL
Cantata < 2.3.1 - OS Command Injection via Wildcard Expansion in mount.cifs.wrapper
CVSS 9.8
CVE-2018-12561
HIGH
Cantata < 2.3.1 - Unauthenticated Mount Option Injection via Samba URL Domain Parameter
CVSS 8.8
CVE-2018-9025
HIGH
Broadcom Privileged Access Manager 2.x < 3.0.0 - Log Poisoning via Crafted Input
CVSS 7.5
CVE-2018-9023
HIGH
Broadcom Privileged Access Manager 2.x < 3.0.0 - Authenticated Remote Code Execution via update_crld Script
CVSS 8.8
CVE-2018-1060
HIGH
Python < 2.7.15 - Denial of Service via Catastrophic Backtracking in poplib apop()
CVSS 7.5
CVE-2018-5753
MEDIUM
Open-Xchange OX App Suite <7.6.3-7.8.4 - Info Disclosure
CVSS 6.5
CVE-2018-11222
HIGH
Artica Pandora FMS <= 7.23 - Local File Inclusion via AJAX Endpoint
CVSS 7.5
CVE-2018-12492
HIGH
PHPOK 4.9.032 - Arbitrary File Deletion via delfile_f Function
CVSS 7.5
CVE-2018-12459
MEDIUM
FFmpeg - Denial of Service via Crafted AVI File in MPEG4 Conversion
CVSS 6.5
CVE-2018-12458
MEDIUM
FFmpeg 2.8 and 4.0 - Denial of Service via Crafted AVI to MPEG4 Conversion
CVSS 6.5
CVE-2018-11574
CRITICAL
Point-to-point Protocol < 2.4.9 - Integer Overflow
CVSS 9.8
CVE-2018-4833
HIGH
Siemens RFID 181-EIP Firmware < 5.2.3 - Heap Buffer Overflow
CVSS 8.8
CVE-2018-8244
MEDIUM
Microsoft Outlook - Privilege Escalation
CVSS 6.5
CVE-2018-8218
HIGH
Windows 10 and Windows Server 2016 - Denial of Service via Hyper-V Network Switch Input Validation
CVSS 7.7
CVE-2018-5488
CRITICAL
NetApp SANtricity - Unauthenticated RCE
CVSS 9.8
CVE-2018-10363
HIGH
WpDevArt Booking calendar <2.2.2 - Info Disclosure
CVSS 7.5
CVE-2018-7162
HIGH
Node.js 9.0.0-9.11.1 - Denial of Service via TLS Handshake Message Tampering
CVSS 7.5
CVE-2018-7161
HIGH
Node.js 8.0.0-8.8.0, 8.9.0-8.11.2, 10.x - Denial of Service via HTTP/2 Cleanup Bug
CVSS 7.5
CVE-2018-3582
HIGH
Android - Buffer Overflow in WMA Event Handler Functions
CVSS 7.8
CVE-2018-5803
MEDIUM
Linux Kernel < 4.15.8 - DoS via SCTP Packet Length Handling
CVSS 5.5
CVE-2018-2424
CRITICAL
SAP UI5 - Cross-Site Scripting via DOM Injection
CVSS 9.8
CVE-2018-1103
MEDIUM
Openshift Enterprise <1.1.10 - Code Injection
CVSS 6.1
Details
Vulnerabilities: 12,597
Exploit Likelihood: High