The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,628 vulnerabilities with CWE-20
CVE-2015-9235
CRITICAL
jsonwebtoken < 4.2.2 - Authentication Bypass via Algorithm Confusion
CVSS 9.8
CVE-2015-9212
CRITICAL
Qualcomm MSM8909W, SD 210/212/205, SD 400, SD 410/12, SD 800 Firmware - Buffer Overread via TZ_PR_CMD_SAVE_KEY Command
CVSS 9.8
CVE-2015-9210
CRITICAL
Qualcomm Multiple Chipsets Firmware - Memory Overread in playready_licacq_process_response()
CVSS 9.8
CVE-2015-9208
CRITICAL
Qualcomm Mdm9206 Firmware - Improper Input Validation
CVSS 9.8
CVE-2015-9207
CRITICAL
Qualcomm Snapdragon Mobile and Wear Firmware - Buffer Overread via playready_getadditional_responsedata
CVSS 9.8
CVE-2015-9196
CRITICAL
Qualcomm FSM9055 MDM9635M SD 400 SD 800 Firmware - Privilege Escalation via tzbsp_ocmem Input Validation
CVSS 9.8
CVE-2015-9193
HIGH
Qualcomm Mdm9206 Firmware - Improper Input Validation
CVSS 7.5
CVE-2015-9182
CRITICAL
Qualcomm Multiple Chipsets Firmware - Buffer Over-Read in OEMCrypto_GenerateSignature()
CVSS 9.8
CVE-2015-9151
CRITICAL
Qualcomm MDM9625, MDM9635M, SD 400, and SD 800 Firmware - Improper Input Validation
CVSS 9.8
CVE-2015-9147
CRITICAL
Qualcomm MDM9625, MDM9635M, SD 400, and SD 800 Firmware - Memory Corruption via Unvalidated Pointer
CVSS 9.8
CVE-2015-9146
CRITICAL
Qualcomm Mdm9625 Firmware - Improper Input Validation
CVSS 9.8
CVE-2015-9139
CRITICAL
Qualcomm Snapdragon Mobile and Wear Firmware - Improper Input Validation during SSL Handshake
CVSS 9.8
CVE-2015-9131
HIGH
Qualcomm Snapdragon Mobile Firmware - Unauthorized Memory Access via qsee Input Validation
CVSS 7.5
CVE-2015-9116
CRITICAL
Qualcomm MDM9625/SD 425/430/450/625/650/652/810/820/820A - Untrusted Pointer Dereference in QTEE
CVSS 9.8
CVE-2015-9115
CRITICAL
Qualcomm Snapdragon Firmware - Improper Input Validation in qsee_prng_getdata Syscall
CVSS 9.8
CVE-2015-9110
CRITICAL
Qualcomm Snapdragon Firmware - Improper Input Validation in qsee_get_secure_state Syscall
CVSS 9.8
CVE-2015-9108
CRITICAL
Qualcomm MDM9625/SD 425/430/450/625/650/652/820/820A Firmware - Arbitrary Read/Write via QSEE Syscall
CVSS 9.8
CVE-2015-2081
CRITICAL
Datto ALTO and SIRIS Firmware - Unauthenticated Remote Code Execution via PHP Script Requests
CVSS 9.8
CVE-2015-5674
MEDIUM
FreeBSD routed daemon - Denial of Service via Network Query
CVSS 6.5
CVE-2015-2186
HIGH
edx/configuration - Account Spoofing via CORS_ORIGIN_ALLOW_ALL String Literal Misconfiguration
CVSS 7.5
CVE-2015-9246
CRITICAL
Skybox Platform < 7.5.201 - Unauthenticated Remote Code Execution via WAR Archive Upload
CVSS 9.8
CVE-2015-1835
MEDIUM
Apache Cordova Android < 3.7.2 and 4.x < 4.0.2 - Secondary Configuration Variable Modification via Intent URL
CVSS 5.3
CVE-2015-6839
MEDIUM
MSA vot.Ar 3.1 - Multiple Vote Casting via RFID Ballot Tag
CVSS 4.6
CVE-2015-2156
HIGH
Netty Cookie HttpOnly Flag Bypass via Improper Input Validation
CVSS 7.5
CVE-2015-3138
HIGH
tcpdump < 4.7.4 - Denial of Service in print-wb.c
CVSS 7.5
Details
Vulnerabilities
12,628
Exploit Likelihood
High