The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,622 vulnerabilities with CWE-20
CVE-2016-0276
MEDIUM
IBM Financial Transaction Manager 3.0.0.0-3.0.0.11 - Remote Code Execution via JMS ObjectMessage Deserialization
CVSS 6.3
CVE-2016-8535
LOW
HPE Matrix Operating Environment <7.6 - Info Disclosure
CVSS 3.5
CVE-2016-8530
HIGH
HPE Intelligent Management Center < 7.3 - Remote Denial of Service
CVSS 7.5
CVE-2016-8521
MEDIUM
HPE Diagnostics 9.24 IP1, 9.26, 9.26IP1 - Remote Clickjacking
CVSS 6.5
CVE-2016-10712
HIGH
PHP < 5.5.32, 5.6.x < 5.6.18, 7.x < 7.0.3 - Input Validation Bypass via Stream Metadata Manipulation
CVSS 7.5
CVE-2016-0300
MEDIUM
IBM TRIRIGA Application Platform <3.3.2.6, <3.4.2.3, <3.5.0.1 - Inf...
CVSS 5.4
CVE-2016-2983
HIGH
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 - Information Disclosure, Denial of Service, and Security Bypass
CVSS 8.1
CVE-2016-10710
HIGH
Biscom Secure File Transfer 5.0.1000-5.0.1048 - Authenticated Arbitrary File Read and Write via dataFieldId Parameter
CVSS 8.1
CVE-2016-0215
MEDIUM
IBM DB2 9.7, 10.1 < FP6, 10.5 < FP8 - Authenticated Denial of Service via SELECT with AVG OLAP Function
CVSS 6.5
CVE-2016-0207
MEDIUM
IBM Algorithmics One-Algo Risk App <5.1.0 - CSRF
CVSS 5.4
CVE-2016-10703
HIGH
ecstatic < 2.0.0 - Denial of Service via Malicious String Input
CVSS 7.5
CVE-2016-3090
HIGH
Apache Struts 2.x < 2.3.20 - Remote Code Execution via OGNL Expression Injection
CVSS 8.8
CVE-2016-4461
HIGH
Apache Struts 2.0.0-2.3.28 - Remote Code Execution via Forced Double OGNL Evaluation
CVSS 8.8
CVE-2016-9263
MEDIUM
WordPress < 4.8.2 - Cross-Domain Flash Injection via flashmediaelement.swf
CVSS 4.7
CVE-2016-8738
MEDIUM
Apache Struts 2.5-2.5.5 - Denial of Service via URLValidator
CVSS 5.9
CVE-2016-5759
HIGH
mkdumprd - Local Privilege Escalation
CVSS 7.8
CVE-2016-4462
HIGH
Apache OFBiz - Authenticated Remote Code Execution via ExternalLoginKey Freemarker Injection
CVSS 8.8
CVE-2016-2977
MEDIUM
IBM Sametime 8.5.2, 9.0 - Unauthenticated Meeting Hand Lowering via Input Validation Bypass
CVSS 4.3
CVE-2016-10503
MEDIUM
IBM Sametime 8.5.2-9.0.1 - Authenticated Meeting Vote Spoofing via Hand Lowering
CVSS 4.3
CVE-2016-5872
CRITICAL
Qualcomm Products with Android CAF Linux Kernel - Improper Input Validation in QTEE Syscalls
CVSS 9.8
CVE-2016-10391
CRITICAL
Qualcomm Android - Improper Input Validation in HCI Command Length Check
CVSS 9.8
CVE-2016-10387
CRITICAL
Google Android - Improper Input Validation
CVSS 9.8
CVE-2016-10384
CRITICAL
Google Android - Improper Input Validation
CVSS 9.8
CVE-2016-10347
CRITICAL
Qualcomm Android Hypervisor - Improper Input Validation
CVSS 9.8
CVE-2016-4456
HIGH
gnutls 3.4.12 - Arbitrary File Write via GNUTLS_KEYLOGFILE Environment Variable
CVSS 7.5
Details
Vulnerabilities
12,622
Exploit Likelihood
High