The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,622 vulnerabilities with CWE-20
CVE-2016-10771
HIGH
cPanel 11.54.0.0-11.54.0.33 - Arbitrary File Creation and Permission Change via ModSecurity Audit Log Processing
CVSS 8.1
CVE-2016-10770
MEDIUM
cPanel 11.54.0.0-11.54.0.33 - Arbitrary File Overwrite during Roundcube Update
CVSS 6.5
CVE-2016-10768
MEDIUM
cPanel 11.54.0.0-11.54.0.32 - Arbitrary File Overwrite during MySQL Upgrade Preparation
CVSS 6.5
CVE-2016-10816
HIGH
cPanel 11.50.0.4-11.50.6.2 - Authenticated Remote Code Execution via Webmail Forwarders
CVSS 8.8
CVE-2016-10814
HIGH
cPanel 11.50.0.4-11.50.6.2 - Demo Mode Escape via show_template.stor
CVSS 8.8
CVE-2016-10824
CRITICAL
cPanel 11.50.0.4-11.50.5.1 - Unauthenticated Remote Code Execution via DNS NS Entry Poisoning
CVSS 9.8
CVE-2016-10823
HIGH
cPanel 11.50.0.4-11.50.5.2 - Remote Code Execution via MakeText Interpolation
CVSS 8.8
CVE-2016-10842
MEDIUM
cPanel 11.48.0.5-11.48.5.2 - Unauthenticated Arbitrary File Read via setup_global_spam_filter.pl
CVSS 6.5
CVE-2016-10858
CRITICAL
cPanel 11.48.0.5-11.48.4.8 - Unauthenticated Remote Code Execution via DNS NS Entry Poisoning
CVSS 9.8
CVE-2016-10855
CRITICAL
cPanel 11.48.0.5-11.48.5.2 - Unauthenticated Remote Code Execution via cpsrvd
CVSS 9.8
CVE-2016-10850
HIGH
cPanel 11.48.0.5-11.48.5.2 - Remote Code Execution via synccpaddonswithsqlhost Script
CVSS 8.8
CVE-2016-10765
MEDIUM
edx-platform < 2016-06-10 - Account Activation with Spoofed Email Address
CVSS 5.3
CVE-2016-1586
LOW
Oxide < 1.18.3 - Unauthenticated Use-After-Free via Incognito BrowserContext Reuse
CVSS 1.8
CVE-2016-10739
MEDIUM
glibc < 2.28 - Improper Input Validation in getaddrinfo
CVSS 5.3
CVE-2016-9749
MEDIUM
IBM Campaign 9.1.0, 9.1.2, 10.0, 10.1 - Authenticated Security Bypass via Improper Input Validation
CVSS 4.0
CVE-2016-2125
MEDIUM
Samba < 4.3.13 - Improper Authentication via Forwardable Kerberos Ticket Request
CVSS 6.5
CVE-2016-7475
HIGH
BIG-IP 11.4.0-11.6.1 - Denial of Service via SPDY/HTTP2 Connection Handling
CVSS 7.5
CVE-2016-7074
MEDIUM
PowerDNS Authoritative < 3.4.11 and Recursor < 4.0.4 - AXFR TSIG Signature Bypass via Missing Last Record Check
CVSS 5.3
CVE-2016-7073
MEDIUM
PowerDNS Authoritative < 3.4.11 and Recursor < 3.7.4 - AXFR TSIG Replay Attack via Missing Time Validation
CVSS 5.3
CVE-2016-7069
MEDIUM
dnsdist < 1.2.0 - Denial of Service via EDNS0 OPT Record Parsing
CVSS 5.9
CVE-2016-7068
MEDIUM
PowerDNS Authoritative < 3.4.11 and Recursor < 3.7.4 - Unauthenticated Denial of Service via Crafted DNS Queries
CVSS 5.3
CVE-2016-7072
MEDIUM
PowerDNS Authoritative < 3.4.11 and 4.0.2 - Unauthenticated Denial of Service via TCP Connection Exhaustion
CVSS 5.3
CVE-2016-1000232
MEDIUM
tough-cookie < 2.3.0 - Denial of Service via HTTP Cookie Header Parsing
CVSS 5.3
CVE-2016-9579
MEDIUM
Ceph Storage - Unauthenticated Denial of Service via CORS Policy Bypass
CVSS 6.5
CVE-2016-8651
LOW
OpenShift 3 - Unauthenticated Image Information Disclosure via Manifest Request
CVSS 3.1
Details
Vulnerabilities
12,622
Exploit Likelihood
High