CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,570 vulnerabilities with CWE-20
CVE-2020-5680 HIGH
EC-CUBE 3.0.5-3.0.18 - Denial of Service via Improper Input Validation
CVSS 7.5
CVE-2020-9115 HIGH
Huawei ManageOne 6.5.1.1.B010-6.5.1.1.B050, 8.0.0, 8.0.1 - Authenticated Command Injection via Plugin Component
CVSS 7.2
CVE-2020-16850 HIGH
Mitsubishi Electric R00CPU Firmware < 20 - Denial of Service
CVSS 7.5
CVE-2020-27253 HIGH
FactoryTalk Linx < 6.11 - Unauthenticated Denial of Service via Malicious Packet
CVSS 7.5
CVE-2020-26243 HIGH
Nanopb <0.4.4 & <0.3.9.7 - Memory Corruption
CVSS 7.5
CVE-2020-13942 CRITICAL
Apache Unomi 1.5.0-1.5.1 - Unauthenticated Remote Code Execution via /context.json Endpoint
CVSS 9.8
CVE-2020-26890 HIGH
Matrix Synapse < 1.20.0 - Denial of Service via Malformed m.room.member Event JSON Values
CVSS 7.5
CVE-2020-12351 HIGH
Linux Kernel 4.7.7-4.9.239 - Unauthenticated Privilege Escalation via BlueZ Input Validation
CVSS 8.8
CVE-2020-7925 HIGH
MongoDB Server <4.4.0-rc12, <4.2.9 - Memory Corruption
CVSS 7.5
CVE-2020-14258 HIGH
HCL Notes 9-11 - Unauthenticated Denial of Service via Crafted Email Message
CVSS 7.5
CVE-2020-14234 HIGH
HCL Domino < 9.0.1 FP10 IF6 and < 10.0.1 - Denial of Service via Improper Input Validation
CVSS 7.5
CVE-2020-14230 HIGH
HCL Domino - Denial of Service via Crafted Email Message
CVSS 7.5
CVE-2020-7842 MEDIUM
Netis Korea D'live AP 1.1.10 - Command Injection
CVSS 6.4
CVE-2020-6879 LOW
ZTE ZXHN Z500 and F670L Firmware - Parameter Tampering via Static Routing Rule Configuration
CVSS 3.5
CVE-2020-3471 MEDIUM
Cisco Webex Meetings Server - Unauthenticated Bidirectional Audio Maintenance via Synchronization Issue
CVSS 6.5
CVE-2020-3470 CRITICAL
Cisco Enterprise NFV Infrastructure Software < 4.4.1 & IMC 4.0(1a)-4.0(4l) - RCE via API Buffer Overflow
CVSS 9.8
CVE-2020-3441 MEDIUM
Cisco Webex Meetings - Info Disclosure
CVSS 5.3
CVE-2020-7841 HIGH
TOBESOFT XPLATFORM - Code Injection
CVSS 8.8
CVE-2020-27131 HIGH
Cisco Security Manager < 4.22 - Unauthenticated Remote Code Execution via Java Deserialization
CVSS 8.1
CVE-2020-27125 HIGH
Cisco Security Manager - Info Disclosure
CVSS 7.4
CVE-2020-28648 HIGH
Nagios XI < 5.7.5 - Authenticated Remote Code Execution via Auto-Discovery Input Validation
CVSS 8.8
CVE-2020-25151 HIGH
Nexcom NIO 50 Firmware - Denial of Service via Improper Input Validation
CVSS 7.5
CVE-2020-9127 MEDIUM
Huawei NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500 Firmware - Authenticated Command Injection
CVSS 6.7
CVE-2020-8669 MEDIUM
Intel(R) Data Center Manager <3.6.2 - Info Disclosure
CVSS 6.5
CVE-2020-12349 MEDIUM
Intel Data Center Manager < 3.6.2 - Authenticated Information Disclosure via Network Access
CVSS 6.5