CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,563 vulnerabilities with CWE-20
CVE-2020-12295 MEDIUM
Intel Thunderbolt Firmware - Authenticated Denial of Service via Improper Input Validation
CVSS 5.5
CVE-2020-15379 HIGH
Brocade SANnav < 2.1.0 - Denial of Service via Custom Field Name Length
CVSS 7.5
CVE-2020-11261 HIGH KEV
Qualcomm APQ8009 Firmware - Memory Corruption via Improper Memory Allocation Check
CVSS 7.8
CVE-2020-11178 HIGH
Qualcomm Firmware - Memory Corruption via Trusted APPS CPZ Overwrite
CVSS 7.8
CVE-2020-26138 MEDIUM
SilverStripe < 4.6.0 - Improper Input Validation via Square Brackets in FormField Name
CVSS 5.3
CVE-2020-15180 CRITICAL
MariaDB <10.1.47-10.5.6 - Command Injection
CVSS 9.0
CVE-2020-13602 MEDIUM
Zephyr < 1.14.2 - Remote Denial of Service in LwM2M do_write_op_tlv
CVSS 4.0
CVE-2020-36332 HIGH
libwebp < 1.0.1 - Denial of Service via Excessive Memory Allocation
CVSS 7.5
CVE-2020-27833 HIGH
OpenShift Container Platform < 4.7 - Arbitrary File Write via Symbolic Link in oc image extract
CVSS 7.1
CVE-2020-4811 LOW
IBM Cloud Pak for Security 1.4.0.0-1.6.0.1 Authenticated Data Injection
CVSS 2.4
CVE-2020-27823 HIGH
OpenJPEG < 2.4.0 - Denial of Service via Crafted x,y Offset Input
CVSS 7.8
CVE-2020-25713 MEDIUM
raptor_rdf_syntax_library - Out-of-bounds Read in raptor_xml_writer_start_element_common
CVSS 6.5
CVE-2020-27824 MEDIUM
OpenJPEG < 2.4.0 - Out-of-bounds Read in opj_dwt_calc_explicit_stepsizes
CVSS 5.5
CVE-2020-12526 MEDIUM
Beckhoff Automation GmbH & Co. KG <2.3.0.12, <3.1.0.1 - DoS
CVSS 5.3
CVE-2020-26146 MEDIUM
Samsung Galaxy S3 i9305 Firmware - Fragment Reassembly Data Exfiltration via Non-Consecutive Packet Numbers
CVSS 5.3
CVE-2020-26145 MEDIUM
Samsung Galaxy S3 i9305 Firmware - Arbitrary Network Packet Injection via Fragment Acceptance
CVSS 6.5
CVE-2020-26144 MEDIUM
Samsung Galaxy S3 i9305 Firmware - Unauthenticated Network Packet Injection via Plaintext A-MSDU Frame Acceptance
CVSS 6.5
CVE-2020-26143 MEDIUM
ALFA AWUS036ACH Windows 10 Driver 1030.36.604 - Arbitrary Frame Injection via Fragmented Plaintext Frames
CVSS 6.5
CVE-2020-11268 HIGH
Qualcomm APQ8009 and others - Denial of Service via Crafted Sib1 or SIB1 Decoding
CVSS 7.5
CVE-2020-4981 MEDIUM
IBM Spectrum Scale 5.0.4.1-5.1.0.3 - Authenticated Arbitrary File Write via Improper Input Validation
CVSS 6.0
CVE-2020-7857 HIGH
Tobesoft XPlatform <9.2.2.280 - RCE
CVSS 7.5
CVE-2020-36195 CRITICAL
QNAP QTS - SQL Injection via Multimedia Console or Media Streaming Add-on
CVSS 9.8
CVE-2020-28898 MEDIUM
ResourceXpress < 4.9k - Denial of Service via Large URL Parameter Input
CVSS 5.3
CVE-2020-28590 MEDIUM
libslic3r 1.3.0 and Master Commit 92abbc42 - Out-of-bounds Read in Obj File TriangleMesh
CVSS 6.5
CVE-2020-11237 HIGH
Qualcomm PMx Firmware - Denial of Service via Histogram KPI Input
CVSS 8.4