The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,622 vulnerabilities with CWE-20
CVE-2016-11052
HIGH
Samsung Android L - Memory Corruption via Malformed JPEG File in Qt Qjpeg
CVSS 7.8
CVE-2016-11048
MEDIUM
Samsung Android L - Factory Reset Protection Bypass
CVSS 4.6
CVE-2016-11046
HIGH
Samsung Android JBP KK L - Unauthenticated Call and SMS Injection via Whitelist Bypass
CVSS 7.5
CVE-2016-2031
CRITICAL
Aruba Instate <4.1.3.0-4.2.3.1 - Privilege Escalation
CVSS 9.8
CVE-2016-6585
MEDIUM
Symantec Norton Mobile Security <3.16 - DoS
CVSS 5.3
CVE-2016-6586
LOW
Symantec Norton Mobile Security <3.16 - Auth Bypass
CVSS 3.7
CVE-2016-6589
MEDIUM
Symantec IT Management Suite 8.0 - Denial of Service via Workflow Process Manager Login Window
CVSS 6.5
CVE-2016-1000104
HIGH
mod_fcgid <2016-07-07 - Auth Bypass
CVSS 8.8
CVE-2016-10991
HIGH
imdb-widget < 1.0.9 - Local File Inclusion
CVSS 7.5
CVE-2016-10960
HIGH
wsecure < 2.4 - Remote Code Execution via wsecure-config.php Publish Parameter
CVSS 8.8
CVE-2016-10956
HIGH
mail-masta 1.0 - Local File Inclusion in count_of_send.php and csvexport.php
CVSS 7.5
CVE-2016-10948
HIGH
Post Indexer < 3.0.6.2 - Remote Code Execution via Unserialize Function
CVSS 8.1
CVE-2016-10930
CRITICAL
WP Support Plus Responsive Ticket System < 7.1.0 - Insecure Direct Object Reference via Ticket Number
CVSS 9.8
CVE-2016-10899
MEDIUM
Fabrix Total Security < 3.4.1 - Unauthenticated Settings Change
CVSS 5.3
CVE-2016-10812
HIGH
cPanel 11.50.0.4-11.50.6.2 - Unauthenticated TTY Exposure via enablefileprotect Script
CVSS 8.8
CVE-2016-10808
HIGH
cPanel 11.50.0.4-11.50.6.2 - Improper Input Validation in /scripts/addpop and /scripts/delpop
CVSS 8.8
CVE-2016-10807
MEDIUM
cPanel 11.50.0.4-11.50.6.2 - Denial of Service via /scripts/killpvhost
CVSS 6.5
CVE-2016-10805
HIGH
cPanel 11.50.0.4-11.50.6.2 - Authenticated Remote Code Execution via ajax_maketext_syntax_util.pl
CVSS 8.8
CVE-2016-10804
HIGH
cPanel 11.50.0.4-11.50.6.2 - Arbitrary File Overwrite via SQLite Journal Feature
CVSS 8.1
CVE-2016-10800
HIGH
cPanel 55.9999.61-56.0.27 - Unauthenticated Demo-Mode Escape via Site Templates and Boxtrapper API
CVSS 7.8
CVE-2016-10793
HIGH
cPanel 11.51.9999.98-11.52.6.6 - Remote Code Execution via Mail::SPF Script Shebang
CVSS 8.8
CVE-2016-10789
HIGH
cPanel 11.54.0.0-11.54.0.33 - Remote Code Execution via cpsrvd 403 Error Response Handler
CVSS 8.8
CVE-2016-10788
HIGH
cPanel 11.54.0.0-11.54.0.33 - Remote Code Execution via Maketext in PostgreSQL adminbin
CVSS 8.8
CVE-2016-10787
HIGH
cPanel 11.54.0.0-11.54.0.33 - Improper Input Validation in Host Access Control
CVSS 8.1
CVE-2016-10775
MEDIUM
cPanel 11.54.0.0-11.54.0.33 - Arbitrary File Chown via reassign_post_terminate_cruft
CVSS 6.5
Details
Vulnerabilities
12,622
Exploit Likelihood
High