The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,635 vulnerabilities with CWE-20
CVE-2015-0650
Cisco IOS XE 3.9.xS-3.13.xS - Denial of Service via Malformed mDNS UDP Packets
CVE-2015-0649
Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3 - Denial of Service via Malformed CIP TCP Packets
CVE-2015-0647
Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3 - Denial of Service via Malformed CIP UDP Packets
CVE-2015-0645
Cisco IOS XE 2.x-3.x - Denial of Service via Malformed IPv4/IPv6 Packets
CVE-2015-0644
Cisco IOS XE 3.8-3.15 RCE or DoS via Crafted TCP Packet
CVE-2015-0642
Cisco IOS XE 2.5.x-3.13.xS & IOS 12.2-15.4 DoS via Malformed IKEv2 Packets
CVE-2015-0641
Cisco IOS XE < 3.15.0S DoS via Crafted IPv6 Packets
CVE-2015-0640
Cisco IOS XE 2.x-3.x - Denial of Service via Large IP Packet Fragmentation
CVE-2015-0639
Cisco IOS XE 3.6-3.15 - Denial of Service via Malformed IPv6 Packets with IPv4 UDP Encapsulation
CVE-2015-0638
Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3 - Denial of Service via Crafted ICMPv4 Packets
CVE-2015-0637
Cisco IOS and IOS XE - Denial of Service via Spoofed AN Messages
CVE-2015-0636
Cisco IOS and IOS XE - Denial of Service via Spoofed AN Messages
CVE-2015-0635
Cisco IOS and IOS XE - Denial of Service via Spoofed ANRA Responses
CVE-2015-0252
Debian Linux < 3.1.1 - Improper Input Validation
CVE-2015-0137
IBM PowerVC Standard 1.2.0.x-1.2.0.3 and 1.2.1.x-1.2.1.x - Certificate Spoofing via Man-in-the-Middle Attack
CVE-2015-0669
Cisco IOS 15.4S and 15.4(3)S - Denial of Service via Crafted Autonomic Networking Messages
CVE-2015-1787
OpenSSL 1.0.2 - Denial of Service via Zero-Length ClientKeyExchange Message
CVE-2015-0293
OpenSSL < 0.9.8zf, 1.0.0 < 1.0.0r, 1.0.1 < 1.0.1m, 1.0.2 < 1.0.2a - DoS via SSLv2 CLIENT-MASTER-KEY
CVE-2015-0664
Cisco AnyConnect Secure Mobility Client < 4.0(.00051) - Privilege Escalation via IPC Channel Message Crafting
CVE-2015-0980
SCADA Engine BACnet OPC Server < 2.1.359.22 - Remote Code Execution via Format String Specifiers
CVE-2015-1782
Debian Linux < 1.4.3 - Improper Input Validation
CVE-2015-0652
Cisco Expressway < X8.2 & TelePresence Conductor < XC2.4 DoS via Crafted SDP
CVE-2015-0523
EMC RSA Certificate Manager and Registration Manager < 6.9 - Denial of Service via Invalid MIME Email
CVE-2015-2187
Opensuse - Improper Input Validation
CVE-2015-0228
Apache HTTP Server < 2.4.12 - Denial of Service via Crafted WebSocket Ping Frame
Details
Vulnerabilities
12,635
Exploit Likelihood
High