CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,563 vulnerabilities with CWE-20
CVE-2021-1060 HIGH
NVIDIA vGPU <8.6-11.3 - Buffer Overflow
CVSS 7.1
CVE-2021-1053 MEDIUM
NVIDIA GPU Driver 390-392.63 - Denial of Service via Kernel Mode Layer Pointer Validation
CVSS 5.5
CVE-2020-37216 HIGH
Hirschmann HiOS EtherNet/IP Stack Denial of Service
CVSS 7.5
CVE-2020-12487 HIGH
vivo ABE < 4.4.0.9 - OS Command Injection via Input Parameter Verification Flaw
CVSS 7.0
CVE-2020-3538 MEDIUM
Cisco Data Center Network Manager < 11.4(1) - Authenticated Path Traversal via REST API Endpoint
CVSS 4.6
CVE-2020-11850 HIGH
OpenText Self Service Password Reset < 4.5.0.2 and 4.4.0.6 - Cross-Site Scripting
CVSS 7.3
CVE-2020-26082 MEDIUM
Cisco AsyncOS < 13.5.2 - Unauthenticated Content Filter Bypass via Password-Protected Zip Files
CVSS 5.8
CVE-2020-5002 MEDIUM
IBM Financial Transaction Manager 3.2.0-3.2.10 - Authenticated Unauthorized Action via Improper Input Validation
CVSS 4.3
CVE-2020-36564 HIGH
nosurf < 1.1.1 - Improper Input Validation
CVSS 7.5
CVE-2020-35509 MEDIUM
Keycloak 11.0.3 and 12.0.0 - Improper Certificate Validation in Direct-Grant Authenticator
CVSS 5.4
CVE-2020-1756 HIGH
Moodle <3.8.2-3.5.11 - Info Disclosure
CVSS 7.2
CVE-2020-6998 MEDIUM
Rockwell Automation CompactLogix 5370 and ControlLogix 5570 < 33 - Denial of Service via CIP Packet Request
CVSS 5.8
CVE-2020-35169 CRITICAL
Dell BSAFE <4.1.5-4.5.2 - Info Disclosure
CVSS 9.1
CVE-2020-29508 MEDIUM
Dell BSAFE <4.1.5-4.6 - Info Disclosure
CVSS 5.3
CVE-2020-29507 MEDIUM
Dell BSAFE <4.1.4-4.4 - Improper Input Validation
CVSS 5.3
CVE-2020-26185 HIGH
Dell BSAFE Micro Edition Suite < 4.5.1 - Out-of-bounds Read
CVSS 7.5
CVE-2020-29013 MEDIUM
FortiSandbox < 3.2.2 - Authenticated Denial of Service via Sniffer Interface
CVSS 5.4
CVE-2020-25721 HIGH
Samba 4.13.0-4.13.13 - Improper Input Validation in Kerberos Ticket Handling
CVSS 8.8
CVE-2020-15936 LOW
FortiOS < 5.6.13 - Sensitive Information Disclosure via SNI Client Hello TLS Packets
CVSS 2.6
CVE-2020-25717 HIGH
Samba 3.0.0-4.13.13 - Authenticated Privilege Escalation via Domain User Mapping
CVSS 8.1
CVE-2020-5956 HIGH
InsydeH2O <5.1-5.4 - Code Injection
CVSS 7.5
CVE-2020-7880 HIGH
NeoRS ActiveX - Remote File Download and Execution via StartNeoRS
CVSS 7.5
CVE-2020-12961 HIGH
AMD EPYC 7003/7002/72F3/7313/7313P/7343/73F3/7413/7443/7443P/7453/74F3/7513 Firmware Privilege Escalation via SMN
CVSS 7.8
CVE-2020-12946 HIGH
AMD EPYC Firmware - Denial of Service via Discrete TPM Command Input Validation
CVSS 7.1
CVE-2020-12944 HIGH
AMD EPYC Firmware - Arbitrary Code Execution via Insufficient BIOS Image Validation
CVSS 7.8