The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,563 vulnerabilities with CWE-20
CVE-2020-12295
MEDIUM
Intel Thunderbolt Firmware - Authenticated Denial of Service via Improper Input Validation
CVSS 5.5
CVE-2020-15379
HIGH
Brocade SANnav < 2.1.0 - Denial of Service via Custom Field Name Length
CVSS 7.5
CVE-2020-11261
HIGH
KEV
Qualcomm APQ8009 Firmware - Memory Corruption via Improper Memory Allocation Check
CVSS 7.8
CVE-2020-11178
HIGH
Qualcomm Firmware - Memory Corruption via Trusted APPS CPZ Overwrite
CVSS 7.8
CVE-2020-26138
MEDIUM
SilverStripe < 4.6.0 - Improper Input Validation via Square Brackets in FormField Name
CVSS 5.3
CVE-2020-15180
CRITICAL
mariadb <10.1.47-10.5.6 - Command Injection
CVSS 9.0
CVE-2020-13602
MEDIUM
Zephyr < 1.14.2 - Remote Denial of Service in LwM2M do_write_op_tlv
CVSS 4.0
CVE-2020-36332
HIGH
libwebp < 1.0.1 - Denial of Service via Excessive Memory Allocation
CVSS 7.5
CVE-2020-27833
HIGH
OpenShift Container Platform < 4.7 - Arbitrary File Write via Symbolic Link in oc image extract
CVSS 7.1
CVE-2020-4811
LOW
IBM Cloud Pak for Security 1.4.0.0-1.6.0.1 Authenticated Data Injection
CVSS 2.4
CVE-2020-27823
HIGH
OpenJPEG < 2.4.0 - Denial of Service via Crafted x,y Offset Input
CVSS 7.8
CVE-2020-25713
MEDIUM
raptor_rdf_syntax_library - Out-of-bounds Read in raptor_xml_writer_start_element_common
CVSS 6.5
CVE-2020-27824
MEDIUM
OpenJPEG < 2.4.0 - Out-of-bounds Read in opj_dwt_calc_explicit_stepsizes
CVSS 5.5
CVE-2020-12526
MEDIUM
Beckhoff Automation GmbH & Co. KG <2.3.0.12, <3.1.0.1 - DoS
CVSS 5.3
CVE-2020-26146
MEDIUM
Samsung Galaxy S3 i9305 Firmware - Fragment Reassembly Data Exfiltration via Non-Consecutive Packet Numbers
CVSS 5.3
CVE-2020-26145
MEDIUM
Samsung Galaxy S3 i9305 Firmware - Arbitrary Network Packet Injection via Fragment Acceptance
CVSS 6.5
CVE-2020-26144
MEDIUM
Samsung Galaxy S3 i9305 Firmware - Unauthenticated Network Packet Injection via Plaintext A-MSDU Frame Acceptance
CVSS 6.5
CVE-2020-26143
MEDIUM
ALFA AWUS036ACH Windows 10 Driver 1030.36.604 - Arbitrary Frame Injection via Fragmented Plaintext Frames
CVSS 6.5
CVE-2020-11268
HIGH
Qualcomm APQ8009 and others - Denial of Service via Crafted Sib1 or SIB1 Decoding
CVSS 7.5
CVE-2020-4981
MEDIUM
IBM Spectrum Scale 5.0.4.1-5.1.0.3 - Authenticated Arbitrary File Write via Improper Input Validation
CVSS 6.0
CVE-2020-7857
HIGH
Tobesoft XPlatform <9.2.2.280 - RCE
CVSS 7.5
CVE-2020-36195
CRITICAL
QNAP QTS - SQL Injection via Multimedia Console or Media Streaming Add-on
CVSS 9.8
CVE-2020-28898
MEDIUM
ResourceXpress < 4.9k - Denial of Service via Large URL Parameter Input
CVSS 5.3
CVE-2020-28590
MEDIUM
libslic3r 1.3.0 and Master Commit 92abbc42 - Out-of-bounds Read in Obj File TriangleMesh
CVSS 6.5
CVE-2020-11237
HIGH
Qualcomm PMx Firmware - Denial of Service via Histogram KPI Input
CVSS 8.4
Details
Vulnerabilities
12,563
Exploit Likelihood
High