CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,599 vulnerabilities with CWE-20
CVE-2018-0885 MEDIUM
Microsoft Hyper-V Network Switch - Denial of Service via Privileged Guest Input
CVSS 5.8
CVE-2018-0868 HIGH
Windows Installer - Elevation of Privilege via Improper Input Validation
CVSS 7.0
CVE-2018-1000125 CRITICAL
inversoft prime-jwt <1.3.0 - Info Disclosure
CVSS 9.8
CVE-2018-6298 CRITICAL
Hanwha Techwin Smartcams - Remote Code Execution
CVSS 9.8
CVE-2018-1000081 HIGH
Ajenti 2 - Denial of Service via ID Parameter Input Validation
CVSS 7.5
CVE-2018-1000077 MEDIUM
RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Improper Input Validation in Gem Specification Homepage Attribute
CVSS 5.3
CVE-2018-8065 HIGH
Flexense SyncBreeze Enterprise <10.6.24 - Memory Corruption
CVSS 7.5
CVE-2018-8050 MEDIUM
AFFLIB < 3.7.16 - Denial of Service via Corrupt AFF Image Pagesize Handling
CVSS 6.5
CVE-2018-7237 CRITICAL
Schneider Electric Pelco Sarix Professional < 3.29.67 - Unauthenticated Arbitrary File Deletion via set_param
CVSS 9.1
CVE-2018-7235 HIGH
Schneider Electric Pelco Sarix Professional < 3.29.67 - Arbitrary System File Download via system.download.sd_file
CVSS 7.5
CVE-2018-7233 CRITICAL
Schneider Electric Pelco Sarix Professional < 3.29.67 - OS Command Injection via model_name or mac_address Parameter
CVSS 9.8
CVE-2018-7232 CRITICAL
Schneider Electric Pelco Sarix Professional < 3.29.67 - OS Command Injection
CVSS 9.8
CVE-2018-7231 CRITICAL
Schneider Electric Pelco Sarix Professional < 3.29.67 - OS Command Injection via system.opkg.remove Parameter
CVSS 9.8
CVE-2018-0214 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Command Input
CVSS 5.3
CVE-2018-0213 HIGH
Cisco Identity Services Engine - Authenticated Privilege Escalation via Credential Reset Functionality
CVSS 8.8
CVE-2018-0211 MEDIUM
Cisco Identity Services Engine - Authenticated Denial of Service via CLI Command Input Validation
CVSS 4.4
CVE-2018-0147 CRITICAL KEV
Cisco Secure Access Control System < 5.8 patch 9 - Unauthenticated Remote Code Execution via Java Deserialization
CVSS 9.8
CVE-2018-7753 CRITICAL
Bleach 2.1.0-2.1.2 - Improper Input Validation via Character Entity Bypass
CVSS 9.8
CVE-2018-7739 CRITICAL
antsle antman <0.9.1a - Auth Bypass
CVSS 9.8
CVE-2018-7560 HIGH
aws-lambda-multipart-parser < 0.1.2 - Regular Expression Denial of Service via Crafted Multipart Boundary
CVSS 7.5
CVE-2018-7583 HIGH
DualDesk 20 - Remote Denial of Service via Long String to TCP Port 5500
CVSS 7.5
CVE-2018-7449 HIGH
SEGGER embOS/IP FTP Server < 3.22a - Denial of Service via Invalid LIST STOR or RETR Command
CVSS 7.5
CVE-2018-1058 HIGH
PostgreSQL 9.3-10 - Authenticated Remote Code Execution via Query Behavior Modification
CVSS 8.8
CVE-2018-6490 MEDIUM
Micro Focus Operations Orchestration 10.x - Denial of Service
CVSS 5.9
CVE-2018-1169 HIGH
Amazon Music Player 6.1.5.1213 - RCE
CVSS 8.8