The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,563 vulnerabilities with CWE-20
CVE-2020-28870
CRITICAL
InoERP 0.7.2 - Unauthenticated Remote Code Execution via /modules/sys/form_personalization/json_fp.php
CVSS 9.8
CVE-2020-26193
HIGH
Dell EMC PowerScale OneFS 8.1.0-9.1.0 - Authenticated OS Command Injection
CVSS 7.8
CVE-2020-14343
CRITICAL
PyYAML < 5.4 - Remote Code Execution via Python Object Constructor
CVSS 9.8
CVE-2020-28645
CRITICAL
owncloud < 10.6.0 - Unauthenticated Arbitrary File Deletion via User Deletion
CVSS 9.1
CVE-2020-4790
MEDIUM
IBM Security Identity Governance and Intelligence 5.2.6 - Denial of Service via URL Validation
CVSS 6.5
CVE-2020-29021
LOW
Secomea GateManager < 9.3 - Authenticated Stored Cross-Site Scripting via Web UI Input Field
CVSS 3.5
CVE-2020-12122
HIGH
Max Secure Max Spyware Detector 1.0.0.044 - Denial of Service via IOCtl 0x2200019
CVSS 7.8
CVE-2020-4828
MEDIUM
IBM API Connect 10.0.0.0-10.0.1.0 and 2018.4.1.0-2018.4.1.13 - Web Cache Poisoning via HTTP Request Header Manipulation
CVSS 6.5
CVE-2020-8734
MEDIUM
Intel(R) Server Board M10JNP2SB <7.210 - Privilege Escalation
CVSS 6.7
CVE-2020-36199
CRITICAL
Kaspersky TinyCheck < 2020-12-18 - OS Command Injection via Input Parameter
CVSS 9.8
CVE-2020-28221
CRITICAL
EcoStruxure Operator Terminal Expert and Pro-face BLUE - Remote Code Execution via Ethernet Download Feature
CVSS 9.8
CVE-2020-0236
HIGH
Android 10 - Out-of-bounds Read in A2DP_GetCodecType
CVSS 7.5
CVE-2020-17532
HIGH
Apache ServiceComb-Java-Chassis <2.1.4 - Authenticated RCE
CVSS 8.8
CVE-2020-8568
MEDIUM
Kubernetes Secrets Store CSI Driver 0.0.15-0.0.16 - Path Traversal & Arbitrary File Write
CVSS 5.8
CVE-2020-11200
HIGH
Qualcomm PM8009 - Out-of-bounds Read in RPS Parser
CVSS 7.5
CVE-2020-11144
CRITICAL
Qualcomm APQ8009 and related - Out-of-bounds Read in DL ROHC Packet Decompression
CVSS 9.1
CVE-2020-11119
HIGH
Snapdragon Auto et al - Buffer Overflow
CVSS 7.5
CVE-2020-9139
CRITICAL
Huawei EMUI and Magic UI - Denial of Service via Improper Input Validation
CVSS 9.1
CVE-2020-0471
CRITICAL
Android 8.0-11 - Remote Privilege Escalation via Bluetooth Packet Injection
CVSS 9.8
CVE-2020-16040
MEDIUM
Google Chrome versions before 87.0.4280.88 integer overflow during SimplifiedLowering phase
CVSS 6.5
CVE-2020-16015
HIGH
Google Chrome < 87.0.4280.66 - Remote Code Execution via WASM Type Confusion
CVSS 8.8
CVE-2020-4667
MEDIUM
IBM Engineering Requirements Quality ... - Improper Input Validation
CVSS 4.3
CVE-2020-6656
MEDIUM
Eaton easySoft 7.00-7.20 - Remote Code Execution via Malformed .E70 File Parsing
CVSS 5.8
CVE-2020-6655
MEDIUM
Eaton easySoft 7.00-7.21 - Out-of-bounds Read via Malformed .E70 File
CVSS 5.8
CVE-2020-4896
MEDIUM
IBM Emptoris Sourcing 10.1.0-10.1.3 - Web Cache Poisoning via HTTP Request Header Manipulation
CVSS 6.5
Details
Vulnerabilities: 12,563
Exploit Likelihood: High