CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,563 vulnerabilities with CWE-20
CVE-2020-15293 MEDIUM
Bitdefender Hypervisor Introspection - Denial of Service via Guest-Data Input Validation
CVSS 6.1
CVE-2020-15292 MEDIUM
Bitdefender Hypervisor Introspection - Out-of-Bounds Read and DoS
CVSS 5.5
CVE-2020-5682 HIGH
GROWI < 3.8.2 - Denial of Service via Uncontrolled Resource Consumption
CVSS 7.5
CVE-2020-25759 HIGH
D-Link DSR Unified Services Router Firmware < 3.17 - Authenticated OS Command Injection via Multipart HTTP POST Request
CVSS 8.8
CVE-2020-25757 HIGH
D-Link DSR VPN Routers < 3.17 - Unauthenticated OS Command Injection via Lua CGI
CVSS 8.8
CVE-2020-25195 HIGH
Host Engineering H0-ECOM100, H2-ECOM100, H4-ECOM100 <4.0.348/<4.0.2148 DoS via Input Length Bypass
CVSS 7.5
CVE-2020-27029 MEDIUM
Android 11 - Denial of Service via TextView Input Validation
CVSS 6.5
CVE-2020-0493 MEDIUM
Android 11 - Out-of-Bounds Read in CPDF_SampledFunc::v_Call
CVSS 5.5
CVE-2020-0368 LOW
Android 11 - Local Information Disclosure via CallLogProvider Input Validation Bypass
CVSS 3.3
CVE-2020-17444 HIGH
picoTCP < 1.7.0 - Denial of Service via IPv6 Extension Header Length Overflow
CVSS 7.5
CVE-2020-17439 HIGH
uIP 1.0 - DNS Cache Poisoning via Improper Input Validation
CVSS 8.3
CVE-2020-15375 MEDIUM
Brocade Fabric OS <9.0.0,8.2.2c,8.2.1e,8.1.2k,8.2.0_CBN3,7.4.2g - P...
CVSS 6.7
CVE-2020-4633 HIGH
IBM Resilient SOAR V38.0 - Code Injection
CVSS 8.8
CVE-2020-27828 HIGH
jasper < 2.0.23 - Arbitrary Out-of-Bounds Write via JPC Encoder
CVSS 7.8
CVE-2020-26409 MEDIUM
GitLab CE/EE >=10.3,<13.4.7,-<13.5.5,-<13.6.2 - DoS
CVSS 4.3
CVE-2020-26270 MEDIUM
TensorFlow <1.15.5, <2.0.4, <2.1.3, <2.2.2, <2.3.2, <2.4.0 - DoS
CVSS 4.4
CVE-2020-27614 HIGH
AnyDesk <6.0.2 - Privilege Escalation
CVSS 7.8
CVE-2020-9977 MEDIUM
iPadOS < 14.2 - Unauthenticated Information Disclosure via Entitlement Verification
CVSS 5.5
CVE-2020-5680 HIGH
EC-CUBE 3.0.5-3.0.18 - Denial of Service via Improper Input Validation
CVSS 7.5
CVE-2020-9115 HIGH
Huawei ManageOne 6.5.1.1.B010-6.5.1.1.B050, 8.0.0, 8.0.1 - Authenticated Command Injection via Plugin Component
CVSS 7.2
CVE-2020-16850 HIGH
Mitsubishi Electric R00CPU Firmware < 20 - Denial of Service
CVSS 7.5
CVE-2020-27253 HIGH
FactoryTalk Linx < 6.11 - Unauthenticated Denial of Service via Malicious Packet
CVSS 7.5
CVE-2020-26243 HIGH
Nanopb <0.4.4 & <0.3.9.7 - Memory Corruption
CVSS 7.5
CVE-2020-13942 CRITICAL
Apache Unomi 1.5.0-1.5.1 - Unauthenticated Remote Code Execution via /context.json Endpoint
CVSS 9.8
CVE-2020-26890 HIGH
Matrix Synapse < 1.20.0 - Denial of Service via Malformed m.room.member Event JSON Values
CVSS 7.5