The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,622 vulnerabilities with CWE-20
CVE-2016-7976
HIGH
Ghostscript 9.18 and 9.20 - Remote Code Execution via Crafted Userparams
CVSS 8.8
CVE-2016-9719
MEDIUM
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, 11.6 - Clickjacking
CVSS 5.7
CVE-2016-9717
MEDIUM
IBM InfoSphere Master Data Management 10.1-11.6 - HTTP Parameter Override via Duplicated Parameters
CVSS 6.5
CVE-2016-2161
HIGH
Apache HTTP Server 2.4.0-2.4.23 - Denial of Service via mod_auth_digest Input
CVSS 7.5
CVE-2016-10397
HIGH
PHP < 5.6.28 and 7.x < 7.0.13 - URL Parsing Bypass via Incorrect Hostname Validation
CVSS 7.5
CVE-2016-10338
HIGH
Android - Improper Input Validation in RPMB Processing
CVSS 7.8
CVE-2016-10337
MEDIUM
Android - Improper Input Validation in Secure Application Validation
CVSS 5.5
CVE-2016-8218
CRITICAL
Cloud Foundry Foundation <0.142.0 and cf-release 203-231 - Auth Bypass
CVSS 9.8
CVE-2016-7821
MEDIUM
Buffalo WNC01WH <= 1.0.0.8 - Denial of Service
CVSS 6.5
CVE-2016-9977
HIGH
IBM Maximo Asset Management 7.1, 7.5, 7.6 - Session Hijacking via Invalid Session Identifier
CVSS 8.8
CVE-2016-6087
CRITICAL
IBM Domino 8.5-9.0 - Credential Theft via TLS Key Exchange Validation
CVSS 9.8
CVE-2016-2165
MEDIUM
cf-release < 231 and Elastic Runtime < 1.5.19/1.6.20 - Cross-Site Scripting via Loggregator Traffic Controller
CVSS 6.5
CVE-2016-5178
CRITICAL
Google Chrome < 53.0.2785.143 - Denial of Service via Improper Input Validation
CVSS 9.8
CVE-2016-4838
HIGH
Money Forward Android Apps - Unintended Operation Execution via Specially Crafted Application
CVSS 7.8
CVE-2016-7476
HIGH
F5 BIG-IP TMM - Denial of Service via Crafted TCP Packet
CVSS 7.5
CVE-2016-10371
MEDIUM
LibTIFF 4.0.6 - Denial of Service via Crafted TIFF File
CVSS 5.5
CVE-2016-9253
HIGH
F5 BIG-IP 12.1.0-12.1.2 - Denial of Service via WebSocket Traffic
CVSS 7.5
CVE-2016-6877
MEDIUM
Citrix XenMobile Server < 10.5.0.24 - HTTP Host Header Redirection
CVSS 5.3
CVE-2016-9692
HIGH
IBM WebSphere Cast Iron Solution 7.0.0-7.5.0.0 - Server-Side Request Forgery via Improper Input Validation
CVSS 8.6
CVE-2016-10243
CRITICAL
Debian Linux - Improper Input Validation
CVSS 9.8
CVE-2016-3109
CRITICAL
Shopware < 5.1.5 - Remote Code Execution via Backend Login Load Script
CVSS 9.8
CVE-2016-2173
CRITICAL
Fedora < 1.5.5 - Improper Input Validation
CVSS 9.8
CVE-2016-4841
MEDIUM
Cybozu Mailwise < 5.4.0 - Email Header Injection
CVSS 4.3
CVE-2016-7536
MEDIUM
ImageMagick < 6.9.4-0 - Denial of Service via Crafted Profile
CVSS 6.5
CVE-2016-4862
HIGH
CS-Cart < 4.3.9 - Authenticated Remote Code Execution via Twigmo
CVSS 8.8
Details
Vulnerabilities
12,622
Exploit Likelihood
High