The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,628 vulnerabilities with CWE-20
CVE-2016-2411
MEDIUM
Android 6.x - Privilege Escalation via Qualcomm Power Management Kernel Driver
CVSS 6.5
CVE-2016-0834
HIGH
Android 6.x - Remote Code Execution or Denial of Service via Crafted Media File
CVSS 8.4
CVE-2016-3961
MEDIUM
Xen < 4.5.3 and Linux Kernel through 4.5.x - Denial of Service via hugetlbfs Access in x86 PV Guests
CVSS 5.5
CVE-2016-2145
HIGH
Fedora < 0.11.0 - Improper Input Validation
CVSS 7.5
CVE-2016-1271
HIGH
Juniper Junos OS <12.1X46-D45, 12.1X47-D30, 12.3R11, 12.3X48-D25, 1...
CVSS 7.8
CVE-2016-1268
HIGH
Juniper ScreenOS - Denial of Service via Crafted SSL Packet
CVSS 7.5
CVE-2016-0889
CRITICAL
EMC Unisphere for VMAX Virtual Appliance <8.2.0 - Path Traversal
CVSS 9.8
CVE-2016-3069
HIGH
Mercurial < 3.7.3 - Remote Code Execution via Git Repository Conversion
CVSS 8.8
CVE-2016-3068
HIGH
Debian Linux < 3.7.2 - Improper Input Validation
CVSS 8.8
CVE-2016-1376
MEDIUM
Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 - Denial of Service via Crafted Packet Bit Patterns
CVSS 5.3
CVE-2016-0147
HIGH
Microsoft XML Core Services 3.0 - Remote Code Execution
CVSS 8.8
CVE-2016-3655
CRITICAL
Palo Alto Networks PAN-OS <7.0.5 - RCE
CVSS 9.8
CVE-2016-3654
HIGH
Palo Alto Networks PAN-OS <7.0.5H2 - Command Injection
CVSS 7.2
CVE-2016-0785
HIGH
Apache Struts 2.0.0-2.3.20.3 - Remote Code Execution via Forced Double OGNL Evaluation
CVSS 8.8
CVE-2016-2170
CRITICAL
Apache OFBiz 12.04-12.04.05 and 13.07-13.07.02 - Remote Code Execution via Deserialization
CVSS 9.8
CVE-2016-3678
HIGH
Huawei S5300 S5700 S7700 S9300 S9700 Firmware - Denial of Service via Crafted Traffic
CVSS 7.5
CVE-2016-2381
HIGH
perl < 5.23.9 - Taint Protection Bypass via Duplicate Environment Variables
CVSS 7.5
CVE-2016-3980
HIGH
SAP Application Server Java 7.2-7.4 - Denial of Service via Crafted HTTP Request
CVSS 7.5
CVE-2016-3979
HIGH
SAP Java AS 7.2-7.4 - Denial of Service via IctParseCookies HTTP Request
CVSS 7.5
CVE-2016-2098
HIGH
Debian Linux < 3.2.22.1 - Improper Input Validation
CVSS 7.3
CVE-2016-0792
HIGH
Jenkins XStream Groovy classpath Deserialization Vulnerability
CVSS 8.8
CVE-2016-0789
MEDIUM
Jenkins <1.650-1.642.2 - CRLF Injection
CVSS 6.1
CVE-2016-2216
HIGH
Node.js HTTP Response Splitting via UTF-8 Encoded Unicode Characters
CVSS 7.5
CVE-2016-2086
HIGH
Node.js 0.10.x < 0.10.42, 0.12.x < 0.12.10, 4.x < 4.3.0, 5.x < 5.6.0 - HTTP Request Smuggling via Content-Length Header
CVSS 7.5
CVE-2016-1563
MEDIUM
NetApp Clustered Data ONTAP 8.3.1 - Info Disclosure
CVSS 6.8
Details
Vulnerabilities
12,628
Exploit Likelihood
High