The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,628 vulnerabilities with CWE-20
CVE-2016-3743
CRITICAL
Android 6.x - Remote Code Execution via Crafted Media File
CVSS 9.8
CVE-2016-3742
CRITICAL
Android 6.x - Remote Code Execution via Crafted Media File in Intra Mode Handling
CVSS 9.8
CVE-2016-3741
CRITICAL
Android 6.x - Remote Code Execution via Crafted H.264 Media File
CVSS 9.8
CVE-2016-4324
HIGH
LibreOffice <5.1.4 - Remote Code Execution
CVSS 7.8
CVE-2016-1444
MEDIUM
Cisco TelePresence VCS/X8.1-8.7 & Expressway X8.1-8.6 - Auth Bypass
CVSS 6.5
CVE-2016-1442
HIGH
Cisco Prime Infrastructure <3.1.1 - Command Injection
CVSS 8.8
CVE-2016-6170
MEDIUM
ISC BIND < 9.9.8, 9.10.x < 9.10.4-P1, 9.11.x < 9.11.0b1 - Denial of Service via Large AXFR/IXFR/UPDATE Responses
CVSS 6.5
CVE-2016-4465
MEDIUM
Apache Struts 2.3.20-2.3.28.1 and 2.5.x < 2.5.1 - Denial of Service via URLValidator Null Value
CVSS 5.3
CVE-2016-4438
CRITICAL
Apache Struts 2.3.19-2.3.28.1 - Remote Code Execution via REST Plugin
CVSS 9.8
CVE-2016-4433
HIGH
Apache Struts 2 <2.3.29 - Auth Bypass
CVSS 7.5
CVE-2016-4431
HIGH
Apache Struts 2 <2.3.29 - Auth Bypass
CVSS 7.5
CVE-2016-3092
HIGH
Apache Tomcat 7.x < 7.0.70, 8.x < 8.0.36, 8.5.x < 8.5.3, 9.x < 9.0.0.M7 - Denial of Service via Long Boundary String
CVSS 7.5
CVE-2016-1182
HIGH
Apache Struts 1.x-1.3.10 - Cross-Site Scripting or Denial of Service via Validator Configuration
CVSS 8.2
CVE-2016-1336
HIGH
Cisco EPC3928 Firmware - Denial of Service via Long LanguageSelect Parameter
CVSS 7.5
CVE-2016-1328
HIGH
Cisco EPC3928 Firmware - Denial of Service via Long h_sortWireless Parameter
CVSS 7.5
CVE-2016-1441
HIGH
Cisco Cloud Network Automation Provisioner 1.0(0) - Unauthenticated Access Bypass via GET API
CVSS 8.2
CVE-2016-1408
HIGH
Cisco Prime Infrastructure <3.1 - Authenticated RCE
CVSS 8.8
CVE-2016-0398
MEDIUM
IBM Cognos Analytics 11.0 - Content Spoofing via Crafted URL
CVSS 4.3
CVE-2016-3646
HIGH
Symantec ATP/SDCS:S/SEP/SEP for Mac/Linux <12.1 RU6 MP5 - RCE
CVSS 8.4
CVE-2016-3644
HIGH
Symantec ATP/SDCS:S 6.x-6.6 MP1, Web Gateway, SEP <12.1 RU6 MP5, SE...
CVSS 8.4
CVE-2016-2207
HIGH
Symantec AntiVirus Decomposer Engine - Remote Code Execution via Crafted RAR File
CVSS 8.4
CVE-2016-5301
HIGH
Opensuse Leap < 1.1 - Improper Input Validation
CVSS 7.5
CVE-2016-5840
HIGH
Trend Micro Deep Discovery Inspector <3.8 - RCE
CVSS 7.2
CVE-2016-5828
HIGH
Linux Kernel < 4.6.3 - Denial of Service via Transactional State Mishandling
CVSS 7.8
CVE-2016-4825
MEDIUM
welcart_e-commerce < 1.8.3 - Remote Code Execution via PHP Object Injection
CVSS 5.6
Details
Vulnerabilities
12,628
Exploit Likelihood
High