The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,622 vulnerabilities with CWE-20
CVE-2016-8625
MEDIUM
curl < 7.51.0 - Unauthenticated Host Spoofing via Outdated IDNA 2003 Standard
CVSS 5.3
CVE-2016-8624
MEDIUM
curl < 7.51.0 - URL Authority Parsing Flaw via Hostname Ending with '#'
CVSS 5.3
CVE-2016-8631
MEDIUM
OpenShift Enterprise 3 - Route Overwrite via Improper Route Sorting
CVSS 6.3
CVE-2016-8611
MEDIUM
OpenStack Glance - Denial of Service via Unbounded Image Upload
CVSS 4.3
CVE-2016-8626
MEDIUM
Red Hat Ceph < 0.94.9-8 - Authenticated Denial of Service via POST Object Request
CVSS 6.5
CVE-2016-9578
HIGH
spice < 0.13.90 - Denial of Service via Crafted Protocol Messages
CVSS 7.5
CVE-2016-9577
HIGH
spice < 0.13.90 - Authenticated Heap Overflow via Crafted Protocol Messages
CVSS 7.5
CVE-2016-8647
MEDIUM
Ansible < 2.2.1.0 - Improper Input Validation in mysql_user Module
CVSS 4.9
CVE-2016-10728
MEDIUM
Suricata < 3.1.2 - Rule Grouping Bypass via ICMPv4 Error Packet
CVSS 5.3
CVE-2016-9494
MEDIUM
Hughes HN7740S DW7000 HN7000S/SM Firmware - Denial of Service via Malformed GET Request
CVSS 6.5
CVE-2016-6567
CRITICAL
SHDesigns Resident Download Manager - RCE
CVSS 9.8
CVE-2016-6565
HIGH
Imagely NextGen Gallery <2.1.57 - Info Disclosure
CVSS 7.5
CVE-2016-6542
LOW
iTrackEasy - Improper Input Validation in Device Tracking ID
CVSS 3.7
CVE-2016-9901
CRITICAL
Redhat Enterprise Linux Aus < 45.6.0 - Improper Input Validation
CVSS 9.8
CVE-2016-9076
MEDIUM
Firefox < 50.0 - Location Bar Spoofing via Select Dropdown Overlay
CVSS 5.9
CVE-2016-9065
HIGH
Firefox < 50.0 for Android - Location Bar Spoofing via Fullscreen Mode
CVSS 7.5
CVE-2016-5298
MEDIUM
Firefox < 50.0 - Favicon and SSL Indicator Spoofing via Page Load Disruption
CVSS 6.5
CVE-2016-5294
MEDIUM
Firefox < 45.5.0 and Thunderbird < 45.5.0 - Arbitrary File Write via Updater Working Directory
CVSS 5.5
CVE-2016-5293
MEDIUM
Firefox < 50 - Arbitrary Local File Write via Updater Log File Hardlink
CVSS 5.5
CVE-2016-5292
MEDIUM
Firefox < 50.0 - Denial of Service via Malicious URL Parsing
CVSS 6.5
CVE-2016-5291
MEDIUM
Firefox < 50 and Firefox ESR < 45.5 - Same-Origin Policy Bypass via Local Shortcut Files
CVSS 5.5
CVE-2016-9042
MEDIUM
ntp 4.2.8p9 - Unauthenticated Denial of Service via Origin Timestamp Check Bypass
CVSS 5.9
CVE-2016-10555
MEDIUM
jwt-simple < 0.3.0 - Unauthenticated Algorithm Substitution via jwt.decode()
CVSS 6.5
CVE-2016-10544
MEDIUM
uws 0.10.0-0.10.8 - Denial of Service via WebSocket Message Decompression
CVSS 5.9
CVE-2016-10543
MEDIUM
call 2.0.1-3.0.1 - Improper Input Validation via Empty Parameter Bypass
CVSS 5.3
Details
Vulnerabilities
12,622
Exploit Likelihood
High