The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,623 vulnerabilities with CWE-20
CVE-2016-4038
HIGH
Samsung devices <Android 5 - Local Impact
CVSS 7.8
CVE-2016-9420
CRITICAL
MyBB and MyBB Merge System < 1.8.8 - Remote Code Execution via Loose Comparison False Positives
CVSS 9.8
CVE-2016-9249
HIGH
BIG-IP Local Traffic Manager - Denial of Service via TCP Fast Open Traffic Pattern
CVSS 7.5
CVE-2016-6267
HIGH
Trend Micro Smart Protection Server <3.0.1330 - Command Injection
CVSS 8.8
CVE-2016-6266
HIGH
Trend Micro Smart Protection Server <3.0.1330 - Command Injection
CVSS 8.8
CVE-2016-9939
HIGH
Crypto++ 5.6.4 - Denial of Service via ASN.1 BER Decoding Memory Allocation
CVSS 7.5
CVE-2016-2517
MEDIUM
NTP < 4.2.8p7 and 4.3.x < 4.3.92 - Denial of Service via Trusted Key Manipulation
CVSS 5.3
CVE-2016-2516
MEDIUM
NTP < 4.2.8p7 and 4.3.x < 4.3.92 - Denial of Service via Mode7 Unconfig Directive
CVSS 5.3
CVE-2016-10176
CRITICAL
NETGEAR WNR2000v5 Firmware < 1.0.0.34 - Unauthenticated Remote Code Execution via apply_noauth.cgi
CVSS 9.8
CVE-2016-9795
HIGH
Broadcom CA Workload Automation AE - Improper Input Validation
CVSS 7.8
CVE-2016-9317
MEDIUM
libgd < 2.2.4 - Denial of Service via Oversized Image
CVSS 5.5
CVE-2016-10024
MEDIUM
Xen < 4.8.0 - Denial of Service via Asynchronous Instruction Stream Modification
CVSS 6.0
CVE-2016-9385
MEDIUM
Xen 4.4.x-4.7.x - Denial of Service via x86 Segment Base Write Emulation
CVSS 6.0
CVE-2016-9383
HIGH
Xen - Memory Corruption via Bit Test Instruction Emulation
CVSS 8.8
CVE-2016-9380
HIGH
Xen - Arbitrary File Read and Delete via pygrub Boot Loader NUL Byte Handling
CVSS 7.5
CVE-2016-9379
HIGH
Xen - Arbitrary File Read and Delete via pygrub Boot Loader S-expression Handling
CVSS 7.9
CVE-2016-6603
CRITICAL
ZOHO WebNMS Framework 5.2-5.2 SP1 - Auth Bypass
CVSS 9.8
CVE-2016-5119
HIGH
KeePass < 2.33 - Remote Code Execution via Spoofed Update Check
CVSS 7.5
CVE-2016-4793
HIGH
CakePHP < 3.2.4 - IP Spoofing via CLIENT-IP HTTP Header
CVSS 7.5
CVE-2016-9436
MEDIUM
Opensuse Leap < 0.5.3\+git20160718 - Improper Input Validation
CVSS 6.5
CVE-2016-9435
MEDIUM
Opensuse Leap < 0.5.3\+git20160718 - Improper Input Validation
CVSS 6.5
CVE-2016-7543
HIGH
Bash < 4.3 - Local Privilege Escalation via SHELLOPTS and PS4 Environment Variables
CVSS 8.4
CVE-2016-5222
MEDIUM
Google Chrome < 55.0.2883.75 - URL Spoofing via Omnibox Manipulation
CVSS 6.5
CVE-2016-5218
MEDIUM
Google Chrome < 55.0.2883.75 - URL Spoofing via PDF Navigation
CVSS 6.5
CVE-2016-5197
HIGH
Google Chrome < 54.0.2840.85 for Android - Arbitrary Activity Launch via Intent URL
CVSS 8.8
Details
Vulnerabilities
12,623
Exploit Likelihood
High