The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,631 vulnerabilities with CWE-20
CVE-2015-6403
Cisco SPA30x, SPA50x, SPA51x Phones 7.5.7 - Trojan Horse Firmware Image Loading via TFTP
CVE-2015-6790
Google Chrome < 47.0.2526.73 - Cross-Site Scripting via WebPageSerializerImpl
CVE-2015-6410
Cisco TelePresence Video Communication Server Software - Improper Input Validation
CVE-2015-6407
Cisco Emergency Responder 10.5(3.10000.9) - Arbitrary File Upload via Crafted Parameter
CVE-2015-6361
Cisco DPC3939 Wireless Residential Voice Gateway Firmware 121109aCMCST - Authenticated Remote Code Execution
CVE-2015-7094
Apple Iphone OS < 9.1 - Improper Input Validation
CVE-2015-7093
Safari < 9.0.1 - URL Spoofing via Crafted Web Site
CVE-2015-7079
tvOS < 9.1 - Remote Code Execution via dyld Segment Validation
CVE-2015-7072
Apple iOS <9.2, tvOS <9.1, watchOS <2.1 - Remote Code Execution via dyld Segment Validation
CVE-2015-7047
watchOS < 2.1 - Local Privilege Escalation via Crafted Mach Message
CVE-2015-6172
Microsoft Word/Office 2007-2016 RCE via Crafted Email
CVE-2015-6169
Microsoft Edge - Open Redirect via HTTP Response Misparsing
CVE-2015-6164
Microsoft Internet Explorer 9-11 - Cross-Site Scripting Filter Bypass
CVE-2015-6131
Windows Media Center - Remote Code Execution via Crafted .mcl File
CVE-2015-6128
Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1 - Privilege Escalation via Library Loading
CVE-2015-8084
Huawei Unified Security Gateway Firmware < V300R001C10SPC600 - Denial of Service via Crafted DHCP Packets
CVE-2015-6784
Google Chrome < 46.0.2490.86 - HTML Injection via MOTW Comment Handling
CVE-2015-6783
Android 5.x and 6.x - Signature Validation Bypass via Crafted ZIP Archive
CVE-2015-6782
Google Chrome < 46.0.2490.86 - Omnibox Spoofing via Modal Dialog Event Handling
CVE-2015-6849
EMC NetWorker < 8.0.4.5, 8.1.x < 8.1.3.6, 8.2.x < 8.2.2.2, 9.0 < build 407 - DoS via Malformed RPC Auth
CVE-2015-6385
Cisco IOS 15.5(2)S and 15.5(3)S - Authenticated Remote Code Execution via Event-Manager Environment Variables
CVE-2015-8229
Huawei eSpace U2980 <V100R001C10, U2990 <V200R001C10 - DoS
CVE-2015-8227
Huawei VP9660 - Info Disclosure/DoS
CVE-2015-7808
vBulletin 5 Connect <5.1.9 - Code Injection
CVE-2015-7036
macOS < 10.10.4 and iOS < 8.4 - Remote Code Execution via SQLite fts3_tokenizer API Call
Details
Vulnerabilities
12,631
Exploit Likelihood
High