CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,598 vulnerabilities with CWE-20
CVE-2018-0253 CRITICAL
Cisco Secure Access Control System < 5.8 - Unauthenticated Remote Code Execution via AMF Protocol
CVSS 9.8
CVE-2018-0249 MEDIUM
Cisco Aironet Access Point Software - Denial of Service via Malformed 802.11 Association Requests
CVSS 4.3
CVE-2018-0235 HIGH
Cisco Wireless LAN Controller Software - Denial of Service via Malformed 802.11 Management Frame
CVSS 7.4
CVE-2018-0234 HIGH
Cisco Aironet 1810, 1830, and 1850 Series Access Points - Unauthenticated Denial of Service via Malicious GRE Frame
CVSS 8.6
CVE-2018-10578 CRITICAL
WatchGuard AP100-AP200/AP300 <1.2.9.15/<2.0.0.10 - Auth Bypass
CVSS 9.8
CVE-2018-8115 HIGH
Windows Host Compute Service Shim < 0.6.10 - Remote Code Execution via Container Image Import
CVSS 8.6
CVE-2018-1104 HIGH
Ansible Tower <3.2.3 - Code Injection
CVSS 8.8
CVE-2018-10657 HIGH
Matrix Synapse < 0.28.1 - Denial of Service via Malicious Event Depth Injection
CVSS 7.5
CVE-2018-5517 HIGH
F5 BIG-IP 13.1.0-13.1.0.5 - Denial of Service via Malformed TCP Packets
CVSS 7.5
CVE-2018-5515 MEDIUM
F5 BIG-IP 13.1.0-13.1.0.5 - Denial of Service via RADIUS IPv6 Authentication Response
CVSS 4.4
CVE-2018-5514 HIGH
F5 BIG-IP 13.1.0-13.1.0.5 - Denial of Service via Malicious HTTP/2 Request Frames
CVSS 7.5
CVE-2018-10260 HIGH
HRSALE The Ultimate HRM 1.0.2 - LFI
CVSS 8.8
CVE-2018-6589 HIGH
CA Spectrum 10.1-10.2.x - Denial of Service
CVSS 7.5
CVE-2018-1102 HIGH
Openshift Enterprise 3.x - Privilege Escalation
CVSS 8.8
CVE-2018-10468 HIGH
Useless Ethereum Token - Code Injection
CVSS 7.5
CVE-2018-4832 HIGH
Siemens OpenPCS 7 < 7.1 and SIMATIC PCS 7 < 7.1 - Denial of Service via RPC Service
CVSS 7.5
CVE-2018-8826 CRITICAL
ASUS RT-AC Series Firmware - Remote Code Execution
CVSS 9.8
CVE-2018-0260 MEDIUM
Cisco MATE Live - Unauthenticated Directory Traversal via HTTP Request
CVSS 5.3
CVE-2018-0256 MEDIUM
Cisco ASR 5000 Series Software - Denial of Service via Peer-to-Peer Packet Header Validation
CVSS 5.8
CVE-2018-0239 HIGH
Cisco StarOS - Unauthenticated Interface Forwarding Denial of Service via Crafted IP Packet
CVSS 7.5
CVE-2018-0237 MEDIUM
Cisco Advanced Malware Protection for Endpoints - Malware Detection Bypass via DMG File Extension Spoofing
CVSS 5.8
CVE-2018-0231 HIGH
Cisco ASA & FTD <6.1.0.6 - DoS via Malicious TLS Message
CVSS 8.6
CVE-2018-0228 HIGH
Cisco ASA 9.1-9.1.7.20, 9.2-9.2.4.27 & FTD 6.0-6.1.0.6 - DoS via Ingress Flow Creation
CVSS 8.6
CVE-2018-0112 CRITICAL
Cisco WebEx Meetings Server < 2.8 MR2 - Authenticated Remote Code Execution via Malicious Flash File
CVSS 9.0
CVE-2018-7761 CRITICAL
Schneider Electric Modicon M340, Premium, Quantum PLC, BMXNOR0200 - Remote Code Execution via HTTP Request Parser
CVSS 9.8