CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,598 vulnerabilities with CWE-20
CVE-2018-4198 MEDIUM
Apple tvOS < 11.4 - Denial of Service via Crafted Text File
CVSS 5.5
CVE-2018-4188 MEDIUM
Apple tvOS < 11.4 - Address Bar Spoofing via WebKit
CVSS 6.5
CVE-2018-4187 MEDIUM
iPhone OS < 11.3.1 and macOS < 10.13.4 - UI Spoofing via LinkPresentation URL Handling
CVSS 6.5
CVE-2018-12065 CRITICAL
Creatiwity wityCMS <0.6.2 - Local File Inclusion
CVSS 9.8
CVE-2018-12046 HIGH
DedeCMS <= 5.7SP2 - Arbitrary File Write via file_manage_control.php
CVSS 7.5
CVE-2018-12041 HIGH
MediaTek AWUS036NH Firmware - Denial of Service via Malformed 802.11 Frames
CVSS 7.5
CVE-2018-0355 MEDIUM
Cisco Unified Communications Manager - Cross-Frame Scripting via Insufficient HTML iframe Protection
CVSS 6.1
CVE-2018-0338 HIGH
Cisco Unified Computing System - Authenticated Command Injection via CLI
CVSS 7.8
CVE-2018-0296 HIGH KEV
Cisco ASA & FTD - Unauthenticated DoS & Info Disclosure via HTTP URL
CVSS 7.5
CVE-2018-0274 HIGH
Cisco Network Services Orchestrator <=4.4.2.0 Authenticated RCE via CLI Parser
CVSS 8.8
CVE-2018-3723 HIGH
defaults-deep <0.2.4 - Use After Free
CVSS 8.8
CVE-2018-3719 HIGH
mixin-deep < 1.3.1 - Prototype Pollution via __proto__
CVSS 8.8
CVE-2018-3852 HIGH
Ocularis 5.5.0.242 - Denial of Service via Crafted TCP Packet
CVSS 7.5
CVE-2018-1268 MEDIUM
Cloud Foundry Loggregator Authenticated Log Access and Manipulation via Malicious App GUID Requests
CVSS 6.8
CVE-2018-11808 CRITICAL
Zoho ManageEngine Apps Mgr <13-13740 - Privilege Escalation
CVSS 9.1
CVE-2018-11678 CRITICAL
Monstra CMS 3.0.4 - Login Rate Limiting Bypass via login_attempts Cookie Manipulation
CVSS 9.8
CVE-2018-1002100 MEDIUM
Kubernetes 1.5.0-1.9.5 - Arbitrary Local File Overwrite via kubectl cp Tar Handling
CVSS 4.2
CVE-2018-5522 MEDIUM
F5 BIG-IP 11.5.1-11.5.5, 11.6.1-11.6.3.1, 12.0.0-12.1.2, 13.0.0 DoS via DIAMETER AVP Processing
CVSS 5.9
CVE-2018-5513 HIGH
F5 BIG-IP 11.2.1-11.5.5 - Denial of Service via Malformed TLS Handshake
CVSS 7.5
CVE-2018-11481 HIGH
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, TL-IPC40A-4 <1.0.21 Auth RCE via JSON Injection
CVSS 8.8
CVE-2018-11518 HIGH
HCL Legacy IVR Firmware - Phreaking Attack via Predictable DTMF Signal Replay
CVSS 8.1
CVE-2018-10995 MEDIUM
Slurm < 17.02.11 and 17.1x.x < 17.11.7 - Improper Input Validation
CVSS 5.3
CVE-2018-11548 HIGH
EOS.IO DAWN 4.2 - Denial of Service via Unlimited P2P Connections
CVSS 7.5
CVE-2018-11479 HIGH
Windscribe 1.81 - Unauthenticated Privilege Escalation via Named Pipe Command Injection
CVSS 7.8
CVE-2018-1137 HIGH
Moodle 3.1.0-3.1.11 - Unauthenticated Denial of Service via Portfolio URL Substitution
CVSS 8.1