The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,599 vulnerabilities with CWE-20
CVE-2018-0885 (MEDIUM, CVSS 5.8): Microsoft Hyper-V Network Switch - Denial of Service via Privileged Guest Input
CVE-2018-0868 (HIGH, CVSS 7.0): Windows Installer - Elevation of Privilege via Improper Input Validation
CVE-2018-1000125 (CRITICAL, CVSS 9.8): inversoft prime-jwt <1.3.0 - Info Disclosure
CVE-2018-6298 (CRITICAL, CVSS 9.8): Hanwha Techwin Smartcams - Remote Code Execution
CVE-2018-1000081 (HIGH, CVSS 7.5): Ajenti 2 - Denial of Service via ID Parameter Input Validation
CVE-2018-1000077 (MEDIUM, CVSS 5.3): RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Improper Input Validation in Gem Specification Homepage Attribute
CVE-2018-8065 (HIGH, CVSS 7.5): Flexense SyncBreeze Enterprise <10.6.24 - Memory Corruption
CVE-2018-8050 (MEDIUM, CVSS 6.5): AFFLIB < 3.7.16 - Denial of Service via Corrupt AFF Image Pagesize Handling
CVE-2018-7237 (CRITICAL, CVSS 9.1): Schneider Electric Pelco Sarix Professional < 3.29.67 - Unauthenticated Arbitrary File Deletion via set_param
CVE-2018-7235 (HIGH, CVSS 7.5): Schneider Electric Pelco Sarix Professional < 3.29.67 - Arbitrary System File Download via system.download.sd_file
CVE-2018-7233 (CRITICAL, CVSS 9.8): Schneider Electric Pelco Sarix Professional < 3.29.67 - OS Command Injection via model_name or mac_address Parameter
CVE-2018-7232 (CRITICAL, CVSS 9.8): Schneider Electric Pelco Sarix Professional < 3.29.67 - OS Command Injection
CVE-2018-7231 (CRITICAL, CVSS 9.8): Schneider Electric Pelco Sarix Professional < 3.29.67 - OS Command Injection via system.opkg.remove Parameter
CVE-2018-0214 (MEDIUM, CVSS 5.3): Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Command Input
CVE-2018-0213 (HIGH, CVSS 8.8): Cisco Identity Services Engine - Authenticated Privilege Escalation via Credential Reset Functionality
CVE-2018-0211 (MEDIUM, CVSS 4.4): Cisco Identity Services Engine - Authenticated Denial of Service via CLI Command Input Validation
CVE-2018-0147 (CRITICAL, KEV, CVSS 9.8): Cisco Secure Access Control System < 5.8 patch 9 - Unauthenticated Remote Code Execution via Java Deserialization
CVE-2018-7753 (CRITICAL, CVSS 9.8): Bleach 2.1.0-2.1.2 - Improper Input Validation via Character Entity Bypass
CVE-2018-7739 (CRITICAL, CVSS 9.8): antsle antman <0.9.1a - Auth Bypass
CVE-2018-7560 (HIGH, CVSS 7.5): aws-lambda-multipart-parser < 0.1.2 - Regular Expression Denial of Service via Crafted Multipart Boundary
CVE-2018-7583 (HIGH, CVSS 7.5): DualDesk 20 - Remote Denial of Service via Long String to TCP Port 5500
CVE-2018-7449 (HIGH, CVSS 7.5): SEGGER embOS/IP FTP Server < 3.22a - Denial of Service via Invalid LIST STOR or RETR Command
CVE-2018-1058 (HIGH, CVSS 8.8): PostgreSQL 9.3-10 - Authenticated Remote Code Execution via Query Behavior Modification
CVE-2018-6490 (MEDIUM, CVSS 5.9): Micro Focus Operations Orchestration 10.x - Denial of Service
CVE-2018-1169 (HIGH, CVSS 8.8): Amazon Music Player 6.1.5.1213 - RCE
Details
Vulnerabilities: 12,599
Exploit Likelihood: High