The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,624 vulnerabilities with CWE-20
CVE-2016-3000
MEDIUM
IBM Connections 4.x-4.5 CR5, 5.0 < CR4, 5.5 < CR1 - Authenticated Denial of Service via Help Service URL
CVSS 4.3
CVE-2016-5174
MEDIUM
Google Chrome < 53.0.2785.101 - Denial of Service via Fullscreen Toggle Request
CVSS 6.5
CVE-2016-4753
HIGH
Apple iOS < 10, macOS < 10.12, tvOS < 10, watchOS < 3 - Remote Code Execution via Crafted App
CVSS 7.8
CVE-2016-4728
HIGH
Safari < 10.0 - Remote Code Execution via WebKit Error Prototype Mishandling
CVSS 8.8
CVE-2016-4722
MEDIUM
Apple iOS <9.3.5 and macOS <10.11.6 - Denial of Service via Call Relay Spoofing
CVSS 5.9
CVE-2016-4711
HIGH
Apple iOS <9.3.5 and macOS <10.11.6 - Cleartext Information Exposure via CCrypt Buffer Overlap
CVSS 7.5
CVE-2016-4706
MEDIUM
macOS < 10.11.6 - Denial of Service via cd9660
CVSS 5.5
CVE-2016-4701
MEDIUM
macOS < 10.11.6 - Denial of Service via SO_EXECPATH Environment Variable
CVSS 6.2
CVE-2016-4698
HIGH
Apple iOS < 10 and macOS < 10.12 - Privilege Escalation via Task Port Inheritance Policy
CVSS 7.8
CVE-2016-6412
MEDIUM
Cisco IOS 15.6(1)T1 and IOS XE - Arbitrary Download via Crafted HTTP Headers
CVSS 6.5
CVE-2016-6411
HIGH
Cisco Firepower <6.0.1 - Open Redirect
CVSS 7.5
CVE-2016-6410
MEDIUM
Cisco IOS - Authenticated Arbitrary File Read via CAF Component
CVSS 6.5
CVE-2016-6374
CRITICAL
Cisco Cloud Services Platform 2100 2.0 - Remote Code Execution via DNS Lookup Command
CVSS 9.8
CVE-2016-5284
HIGH
Firefox < 49.0 and Firefox ESR 45.x < 45.4 - Man-in-the-Middle Spoofing via Preloaded Public Key Pinning Bypass
CVSS 7.4
CVE-2016-5272
HIGH
Firefox < 48.0.2 - Remote Code Execution via nsImageGeometryMixin Input Handling
CVSS 8.8
CVE-2016-6824
MEDIUM
Huawei AC6003/AC6005/AC6605/ACU2 < V200R006C10SPC200 DoS via CAPWAP
CVSS 6.5
CVE-2016-5418
HIGH
libarchive <3.2.0 - Code Injection
CVSS 7.5
CVE-2016-4809
HIGH
Redhat Enterprise Linux Desktop < 3.2.0 - Improper Input Validation
CVSS 7.5
CVE-2016-1483
HIGH
Cisco WebEx Meetings Server 2.6 - DoS
CVSS 7.5
CVE-2016-6405
MEDIUM
Cisco Fog Director 1.0(0) - Auth Bypass
CVSS 6.5
CVE-2016-7417
CRITICAL
PHP < 5.6.26 and 7.x < 7.0.11 - Denial of Service via SplArray Unserialization
CVSS 9.8
CVE-2016-6302
HIGH
OpenSSL - Denial of Service via Short TLS Ticket
CVSS 7.5
CVE-2016-3378
HIGH
Microsoft Exchange Server 2013 SP1, 2013 CU12, 2013 CU13, 2016 CU1, 2016 CU2 - Open Redirect via Crafted URL
CVSS 7.4
CVE-2016-3292
MEDIUM
Microsoft Internet Explorer 10 and 11 - Sandbox Protection Bypass via Integrity and Zone Settings Mishandling
CVSS 5.0
CVE-2016-6399
HIGH
Cisco ACE Application Control Engine Module A1 and A3 - Denial of Service via Crafted SSL/TLS Packets
CVSS 7.5
Details
Vulnerabilities
12,624
Exploit Likelihood
High