CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,599 vulnerabilities with CWE-20
CVE-2018-9262 HIGH
Wireshark 2.2.0-2.2.13 and 2.4.0-2.4.5 - Denial of Service in VLAN Dissector
CVSS 7.5
CVE-2018-9260 HIGH
Wireshark 2.2.0-2.2.13 and 2.4.0-2.4.5 - Denial of Service in IEEE 802.15.4 Dissector
CVSS 7.5
CVE-2018-9259 HIGH
Wireshark 2.2.0-2.2.13 and 2.4.0-2.4.5 - Denial of Service in MP4 Dissector
CVSS 7.5
CVE-2018-9258 HIGH
Wireshark 2.4.0-2.4.5 - Denial of Service in TCP Dissector
CVSS 7.5
CVE-2018-9256 HIGH
Wireshark 2.2.0-2.2.13 and 2.4.0-2.4.5 - Denial of Service in LWAPP Dissector
CVSS 7.5
CVE-2018-8779 HIGH
Ruby <2.2.10-2.6.0 - Code Injection
CVSS 7.5
CVE-2018-8049 HIGH
Unisys Stealth SVG <3.0.1999-3.3.016 - DoS
CVSS 7.5
CVE-2018-1099 MEDIUM
etcd < 3.3.1 - DNS Rebinding
CVSS 5.5
CVE-2018-4176 MEDIUM
macOS < 10.13.4 - Unauthenticated Arbitrary Application Launch via Crafted Disk Image
CVSS 5.5
CVE-2018-4175 HIGH
macOS < 10.13.4 - Code-Signing Bypass via LaunchServices
CVSS 7.8
CVE-2018-4149 HIGH
iPhone OS < 11.3 - User Interface Spoofing via SafariViewController
CVSS 8.8
CVE-2018-4142 HIGH
iPhone OS < 11.3, macOS < 10.13.4, tvOS < 11.3, watchOS < 4.3 - Denial of Service in CoreText
CVSS 7.5
CVE-2018-4134 HIGH
iPhone OS < 11.3 - User Interface Spoofing via Safari
CVSS 8.8
CVE-2018-4116 MEDIUM
Safari < 11.1 - Address Bar Spoofing via Crafted Web Site
CVSS 6.5
CVE-2018-4108 CRITICAL
macOS < 10.13.4 - APFS Volume Password Truncation via Disk Management Injection
CVSS 9.8
CVE-2018-4107 MEDIUM
macOS < 10.13.4 - URL Restriction Bypass in PDFKit
CVSS 6.5
CVE-2018-4105 CRITICAL
Apple Mac OS X < 10.13.4 - Improper Input Validation
CVSS 9.8
CVE-2018-4102 MEDIUM
Safari < 11.1 - Address Bar Spoofing via Crafted Web Site
CVSS 6.5
CVE-2018-4097 HIGH
macOS < 10.13.3 - Kernel Privilege Escalation via Crafted App
CVSS 7.8
CVE-2018-9158 HIGH
AXIS M1033-W Firmware 5.40.5.1 - Denial of Service via IPv4 Flood Attack
CVSS 7.5
CVE-2018-3740 HIGH
Sanitize < 4.6.0 and 3.0.0-4.6.3 - Improper Input Validation
CVSS 7.5
CVE-2018-9145 MEDIUM
Exiv2 - Denial of Service via Large Buffer Size in DataBuf Constructor
CVSS 6.5
CVE-2018-9142 HIGH
Samsung Mobile N(7.x) - Arbitrary APK Installation via Secure Folder SD Card Validation Bypass
CVSS 7.0
CVE-2018-9141 HIGH
Samsung Mobile L(5.x) M(6.0) N(7.x) - Remote Code Execution via BMP File Resolution
CVSS 7.8
CVE-2018-9136 MEDIUM
Jungo WinDriver < 12.7.0 - Denial of Service via Crafted Executable File
CVSS 5.5