CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,598 vulnerabilities with CWE-20
CVE-2018-5487 CRITICAL
NetApp OnCommand Unified Manager <7.4 - RCE
CVSS 9.8
CVE-2018-1000040 MEDIUM
Artifex MuPDF < 1.12.0 - Denial of Service via PDF Parser Uninitialized Value Bugs
CVSS 5.5
CVE-2018-1000037 MEDIUM
Artifex MuPDF < 1.12.0 - Denial of Service via PDF Parser Assertion Failure
CVSS 5.5
CVE-2018-11411 HIGH
DimonCoin - Unauthenticated Arbitrary Balance Transfer via transferFrom Function
CVSS 7.5
CVE-2018-8176 HIGH
Microsoft Office for Mac - Remote Code Execution via XML Content Validation Bypass
CVSS 8.8
CVE-2018-11357 HIGH
Wireshark 2.2.0-2.2.14 and 2.4.0-2.4.6 - Denial of Service via Negative Length Handling
CVSS 7.5
CVE-2018-11354 HIGH
Wireshark 2.6.0 - Denial of Service in IEEE 1905.1a Dissector
CVSS 7.5
CVE-2018-11321 MEDIUM
Joomla! < 3.8.8 - Authenticated Remote Code Execution via Custom Field Filter Manipulation
CVSS 6.5
CVE-2018-11367 HIGH
CppCMS < 1.2.1 - Denial of Service in JSON Parser
CVSS 7.5
CVE-2018-11315 MEDIUM
Radiothermostat Ct50 Firmware < 1.04.84 - Improper Input Validation
CVSS 6.5
CVE-2018-4992 HIGH
Adobe Creative Cloud < 4.4.1.298 - Local Privilege Escalation
CVSS 7.8
CVE-2018-4943 HIGH
Adobe PhoneGap Push Plugin < 1.8.0 - Same-Origin Method Execution
CVSS 8.8
CVE-2018-8867 HIGH
GE PACSystems RX3i/RSTi-EP CPE Denial of Service via Crafted Packets
CVSS 7.5
CVE-2018-11232 MEDIUM
Linux Kernel < 4.10.2 - Denial of Service via etm_setup_aux Parameter Misuse
CVSS 5.5
CVE-2018-9970 HIGH
Foxit Reader and PhantomPDF < 9.0.1.1049 - Remote Code Execution via XFA Button execEvent Method
CVSS 8.8
CVE-2018-9935 HIGH
Foxit PhantomPDF 8.0-8.3.2.25013 and Foxit Reader <9.0.1.1049 - Remote Code Execution via addField Method
CVSS 8.8
CVE-2018-7159 MEDIUM
Node.js 4.0.0-4.1.1 and 4.2.0-4.8.9 - HTTP Request Smuggling via Content-Length Header Parsing
CVSS 5.3
CVE-2018-0325 HIGH
Cisco IP Phone 7800 and 8800 Series Firmware - Denial of Service via Malformed SIP SDP Parameters
CVSS 7.5
CVE-2018-0280 HIGH
Cisco Meeting Server 2.0-2.3 - Unauthenticated Denial of Service via RTP Bitstream Processing
CVSS 7.5
CVE-2018-0279 HIGH
Cisco Enterprise NFV Infrastructure Software < 3.6.3 - Authenticated OS Command Injection via SCP Server
CVSS 8.8
CVE-2018-4850 HIGH
SIMATIC S7-400 and S7-400H Firmware < 4.0, 5.0 < 5.2, < 4.5 - Denial of Service via S7 Communication Packet
CVSS 7.5
CVE-2018-3634 MEDIUM
Intel Online Connect Access < 1.9.22.0 - Denial of Service via NDIS Filter Driver Parameter Corruption
CVSS 5.5
CVE-2018-3611 MEDIUM
Intel Graphics Driver < 15.40.37.4835 - Denial of Service via User Mode Driver Bounds Check
CVSS 6.5
CVE-2018-11035 HIGH
2345 Security Guard 3.7 - Denial of Service via IOCTL 0x80002019
CVSS 7.8
CVE-2018-11034 HIGH
2345 Security Guard 3.7 - Denial of Service via IOCTL 0x8000200D
CVSS 7.8
Details
Vulnerabilities: 12,598
Exploit Likelihood: High