CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,563 vulnerabilities with CWE-20
CVE-2020-28870 CRITICAL
InoERP 0.7.2 - Unauthenticated Remote Code Execution via /modules/sys/form_personalization/json_fp.php
CVSS 9.8
CVE-2020-26193 HIGH
Dell EMC PowerScale OneFS 8.1.0-9.1.0 - Authenticated OS Command Injection
CVSS 7.8
CVE-2020-14343 CRITICAL
PyYAML < 5.4 - Remote Code Execution via Python Object Constructor
CVSS 9.8
CVE-2020-28645 CRITICAL
ownCloud < 10.6.0 - Unauthenticated Arbitrary File Deletion via User Deletion
CVSS 9.1
CVE-2020-4790 MEDIUM
IBM Security Identity Governance and Intelligence 5.2.6 - Denial of Service via URL Validation
CVSS 6.5
CVE-2020-29021 LOW
Secomea GateManager < 9.3 - Authenticated Stored Cross-Site Scripting via Web UI Input Field
CVSS 3.5
CVE-2020-12122 HIGH
Max Secure Max Spyware Detector 1.0.0.044 - Denial of Service via IOCtl 0x2200019
CVSS 7.8
CVE-2020-4828 MEDIUM
IBM API Connect 10.0.0.0-10.0.1.0 and 2018.4.1.0-2018.4.1.13 - Web Cache Poisoning via HTTP Request Header Manipulation
CVSS 6.5
CVE-2020-8734 MEDIUM
Intel(R) Server Board M10JNP2SB < 7.210 - Privilege Escalation
CVSS 6.7
CVE-2020-36199 CRITICAL
Kaspersky TinyCheck < 2020-12-18 - OS Command Injection via Input Parameter
CVSS 9.8
CVE-2020-28221 CRITICAL
EcoStruxure Operator Terminal Expert and Pro-face BLUE - Remote Code Execution via Ethernet Download Feature
CVSS 9.8
CVE-2020-0236 HIGH
Android 10 - Out-of-bounds Read in A2DP_GetCodecType
CVSS 7.5
CVE-2020-17532 HIGH
Apache ServiceComb-Java-Chassis < 2.1.4 - Authenticated RCE
CVSS 8.8
CVE-2020-8568 MEDIUM
Kubernetes Secrets Store CSI Driver 0.0.15-0.0.16 - Path Traversal & Arbitrary File Write
CVSS 5.8
CVE-2020-11200 HIGH
Qualcomm PM8009 - Out-of-bounds Read in RPS Parser
CVSS 7.5
CVE-2020-11144 CRITICAL
Qualcomm APQ8009 and related - Out-of-bounds Read in DL ROHC Packet Decompression
CVSS 9.1
CVE-2020-11119 HIGH
Snapdragon Auto et al - Buffer Overflow
CVSS 7.5
CVE-2020-9139 CRITICAL
Huawei EMUI and Magic UI - Denial of Service via Improper Input Validation
CVSS 9.1
CVE-2020-0471 CRITICAL
Android 8.0-11 - Remote Privilege Escalation via Bluetooth Packet Injection
CVSS 9.8
CVE-2020-16040 MEDIUM
Google Chrome < 87.0.4280.88 - Integer Overflow during SimplifiedLowering Phase
CVSS 6.5
CVE-2020-16015 HIGH
Google Chrome < 87.0.4280.66 - Remote Code Execution via WASM Type Confusion
CVSS 8.8
CVE-2020-4667 MEDIUM
IBM Engineering Requirements Quality ... - Improper Input Validation
CVSS 4.3
CVE-2020-6656 MEDIUM
Eaton easySoft 7.00-7.20 - Remote Code Execution via Malformed .E70 File Parsing
CVSS 5.8
CVE-2020-6655 MEDIUM
Eaton easySoft 7.00-7.21 - Out-of-bounds Read via Malformed .E70 File
CVSS 5.8
CVE-2020-4896 MEDIUM
IBM Emptoris Sourcing 10.1.0-10.1.3 - Web Cache Poisoning via HTTP Request Header Manipulation
CVSS 6.5