The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,597 vulnerabilities with CWE-20
CVE-2018-1070
MEDIUM
OpenShift Container Platform < 3.10 - Denial of Service via Routing Configuration
CVSS 6.5
CVE-2018-5176
MEDIUM
JSON Viewer - Cross-Site Scripting
CVSS 6.1
CVE-2018-5173
MEDIUM
Firefox < 60 - Info Disclosure
CVSS 5.3
CVE-2018-5170
MEDIUM
Thunderbird <52.8 - Info Disclosure
CVSS 4.3
CVE-2018-5169
MEDIUM
Firefox <60 - CSRF
CVSS 6.5
CVE-2018-5167
MEDIUM
Firefox <60 - Cross-Site Scripting
CVSS 4.3
CVE-2018-5161
MEDIUM
Thunderbird <52.8 - DoS
CVSS 4.3
CVE-2018-5141
HIGH
Firefox < 59.0 - Denial of Service via Push API Notification Abuse
CVSS 8.2
CVE-2018-5138
MEDIUM
Firefox < 59.0 - Spoofing via Extremely Long Domain Name in Android Custom Tab
CVSS 5.3
CVE-2018-5136
HIGH
Firefox < 59 - Open Redirect
CVSS 7.5
CVE-2018-5130
HIGH
Firefox <59 - Buffer Overflow
CVSS 8.8
CVE-2018-5121
MEDIUM
Firefox < 58 - Domain Name Spoofing via Tibetan Character Rendering
CVSS 5.3
CVE-2018-5111
MEDIUM
Firefox < 58 - URL Spoofing via Address Bar Drag-and-Drop
CVSS 6.5
CVE-2018-5110
MEDIUM
Firefox < 58 - Cursor Visibility Manipulation via Scripted Toggle
CVSS 5.3
CVE-2018-6515
HIGH
Puppet Agent 1.10.0-1.10.12, 5.3.0-5.3.6, 5.5.0-5.5.1 - Privilege Escalation via Crafted Configuration File
CVSS 7.8
CVE-2018-12108
MEDIUM
Dropbox Lepton 1.2.1 - Denial of Service via Malformed File
CVSS 5.5
CVE-2018-12025
HIGH
FuturXE - Unauthorized Token Transfer via Integer Underflow in transferFrom Function
CVSS 7.5
CVE-2018-12088
HIGH
S3QL <2.27 - Info Disclosure
CVSS 7.5
CVE-2018-4250
MEDIUM
iPhone OS < 11.4 - Denial of Service via Crafted Message
CVSS 6.5
CVE-2018-4247
MEDIUM
Safari < 11.1.1 - Denial of Service via Crafted Web Site
CVSS 6.5
CVE-2018-4240
MEDIUM
iPhone OS < 11.4, macOS < 10.13.5, tvOS < 11.4, watchOS < 4.3.1 - Denial of Service via Crafted Message
CVSS 6.5
CVE-2018-4225
MEDIUM
iPhone OS < 11.4, macOS < 10.13.5, watchOS < 4.3.1, iCloud < 7.5, iTunes < 12.7.5 - Local Keychain State Modification
CVSS 5.5
CVE-2018-4205
MEDIUM
Safari < 11.1.1 - Address Bar Spoofing via Crafted Website
CVSS 6.5
CVE-2018-4202
MEDIUM
Apple Iphone OS < 11.4 - Improper Input Validation
CVSS 5.9
CVE-2018-4198
MEDIUM
Apple tvOS < 11.4 - Denial of Service via Crafted Text File
CVSS 5.5
Details
Vulnerabilities
12,597
Exploit Likelihood
High