The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,598 vulnerabilities with CWE-20
CVE-2018-4198
MEDIUM
Apple tvOS < 11.4 - Denial of Service via Crafted Text File
CVSS 5.5
CVE-2018-4188
MEDIUM
Apple tvOS < 11.4 - Address Bar Spoofing via WebKit
CVSS 6.5
CVE-2018-4187
MEDIUM
iPhone OS < 11.3.1 and macOS < 10.13.4 - UI Spoofing via LinkPresentation URL Handling
CVSS 6.5
CVE-2018-12065
CRITICAL
Creatiwity wityCMS <0.6.2 - Local File Inclusion
CVSS 9.8
CVE-2018-12046
HIGH
DedeCMS <= 5.7SP2 - Arbitrary File Write via file_manage_control.php
CVSS 7.5
CVE-2018-12041
HIGH
MediaTek AWUS036NH Firmware - Denial of Service via Malformed 802.11 Frames
CVSS 7.5
CVE-2018-0355
MEDIUM
Cisco Unified Communications Manager - Cross-Frame Scripting via Insufficient HTML iframe Protection
CVSS 6.1
CVE-2018-0338
HIGH
Cisco Unified Computing System - Authenticated Command Injection via CLI
CVSS 7.8
CVE-2018-0296
HIGH
KEV
Cisco ASA & FTD - Unauthenticated DoS & Info Disclosure via HTTP URL
CVSS 7.5
CVE-2018-0274
HIGH
Cisco Network Services Orchestrator <=4.4.2.0 Authenticated RCE via CLI Parser
CVSS 8.8
CVE-2018-3723
HIGH
defaults-deep <0.2.4 - Use After Free
CVSS 8.8
CVE-2018-3719
HIGH
mixin-deep < 1.3.1 - Prototype Pollution via __proto__
CVSS 8.8
CVE-2018-3852
HIGH
Ocularis 5.5.0.242 - Denial of Service via Crafted TCP Packet
CVSS 7.5
CVE-2018-1268
MEDIUM
Cloud Foundry Loggregator Authenticated Log Access and Manipulation via Malicious App GUID Requests
CVSS 6.8
CVE-2018-11808
CRITICAL
Zoho ManageEngine Apps Mgr <13-13740 - Privilege Escalation
CVSS 9.1
CVE-2018-11678
CRITICAL
Monstra CMS 3.0.4 - Login Rate Limiting Bypass via login_attempts Cookie Manipulation
CVSS 9.8
CVE-2018-1002100
MEDIUM
Kubernetes 1.5.0-1.9.5 - Arbitrary Local File Overwrite via kubectl cp Tar Handling
CVSS 4.2
CVE-2018-5522
MEDIUM
F5 BIG-IP 11.5.1-11.5.5, 11.6.1-11.6.3.1, 12.0.0-12.1.2, 13.0.0 DoS via DIAMETER AVP Processing
CVSS 5.9
CVE-2018-5513
HIGH
F5 BIG-IP 11.2.1-11.5.5 - Denial of Service via Malformed TLS Handshake
CVSS 7.5
CVE-2018-11481
HIGH
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, TL-IPC40A-4 <1.0.21 Auth RCE via JSON Injection
CVSS 8.8
CVE-2018-11518
HIGH
HCL Legacy IVR Firmware - Phreaking Attack via Predictable DTMF Signal Replay
CVSS 8.1
CVE-2018-10995
MEDIUM
Slurm < 17.02.11 and 17.1x.x < 17.11.7 - Improper Input Validation
CVSS 5.3
CVE-2018-11548
HIGH
EOS.IO DAWN 4.2 - Denial of Service via Unlimited P2P Connections
CVSS 7.5
CVE-2018-11479
HIGH
Windscribe 1.81 - Unauthenticated Privilege Escalation via Named Pipe Command Injection
CVSS 7.8
CVE-2018-1137
HIGH
Moodle 3.1.0-3.1.11 - Unauthenticated Denial of Service via Portfolio URL Substitution
CVSS 8.1
Details
Vulnerabilities: 12,598
Exploit Likelihood: High