CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,597 vulnerabilities with CWE-20
CVE-2018-1070 MEDIUM
OpenShift Container Platform < 3.10 - Denial of Service via Routing Configuration
CVSS 6.5
CVE-2018-5176 MEDIUM
JSON Viewer - Cross-Site Scripting
CVSS 6.1
CVE-2018-5173 MEDIUM
Firefox < 60 - Info Disclosure
CVSS 5.3
CVE-2018-5170 MEDIUM
Thunderbird <52.8 - Info Disclosure
CVSS 4.3
CVE-2018-5169 MEDIUM
Firefox <60 - CSRF
CVSS 6.5
CVE-2018-5167 MEDIUM
Firefox <60 - Cross-Site Scripting
CVSS 4.3
CVE-2018-5161 MEDIUM
Thunderbird <52.8 - DoS
CVSS 4.3
CVE-2018-5141 HIGH
Firefox < 59.0 - Denial of Service via Push API Notification Abuse
CVSS 8.2
CVE-2018-5138 MEDIUM
Firefox < 59.0 - Spoofing via Extremely Long Domain Name in Android Custom Tab
CVSS 5.3
CVE-2018-5136 HIGH
Firefox < 59 - Open Redirect
CVSS 7.5
CVE-2018-5130 HIGH
Firefox <59 - Buffer Overflow
CVSS 8.8
CVE-2018-5121 MEDIUM
Firefox < 58 - Domain Name Spoofing via Tibetan Character Rendering
CVSS 5.3
CVE-2018-5111 MEDIUM
Firefox < 58 - URL Spoofing via Address Bar Drag-and-Drop
CVSS 6.5
CVE-2018-5110 MEDIUM
Firefox < 58 - Cursor Visibility Manipulation via Scripted Toggle
CVSS 5.3
CVE-2018-6515 HIGH
Puppet Agent 1.10.0-1.10.12, 5.3.0-5.3.6, 5.5.0-5.5.1 - Privilege Escalation via Crafted Configuration File
CVSS 7.8
CVE-2018-12108 MEDIUM
Dropbox Lepton 1.2.1 - Denial of Service via Malformed File
CVSS 5.5
CVE-2018-12025 HIGH
FuturXE - Unauthorized Token Transfer via Integer Underflow in transferFrom Function
CVSS 7.5
CVE-2018-12088 HIGH
S3QL <2.27 - Info Disclosure
CVSS 7.5
CVE-2018-4250 MEDIUM
iPhone OS < 11.4 - Denial of Service via Crafted Message
CVSS 6.5
CVE-2018-4247 MEDIUM
Safari < 11.1.1 - Denial of Service via Crafted Web Site
CVSS 6.5
CVE-2018-4240 MEDIUM
iPhone OS < 11.4, macOS < 10.13.5, tvOS < 11.4, watchOS < 4.3.1 - Denial of Service via Crafted Message
CVSS 6.5
CVE-2018-4225 MEDIUM
iPhone OS < 11.4, macOS < 10.13.5, watchOS < 4.3.1, iCloud < 7.5, iTunes < 12.7.5 - Local Keychain State Modification
CVSS 5.5
CVE-2018-4205 MEDIUM
Safari < 11.1.1 - Address Bar Spoofing via Crafted Website
CVSS 6.5
CVE-2018-4202 MEDIUM
Apple Iphone OS < 11.4 - Improper Input Validation
CVSS 5.9
CVE-2018-4198 MEDIUM
Apple tvOS < 11.4 - Denial of Service via Crafted Text File
CVSS 5.5
Details
Vulnerabilities 12,597
Exploit Likelihood High