CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,582 vulnerabilities with CWE-20
CVE-2020-15964 HIGH
Google Chrome < 85.0.4183.121 - Remote Code Execution via Media Data Validation
CVSS 8.8
CVE-2020-25787 CRITICAL
Tiny Tiny RSS < 2020-09-16 - Server-Side Request Forgery via URL Validation Bypass
CVSS 9.8
CVE-2020-15181 CRITICAL
Alfresco Reset Password <1.2.0 - Privilege Escalation
CVSS 9.3
CVE-2020-0325 MEDIUM
Android 11 - Local Information Disclosure via NFC Bounds Check Missing
CVSS 4.4
CVE-2020-15186 LOW
Helm <2.16.11-3.3.2 - Code Injection
CVSS 3.4
CVE-2020-15184 LOW
Helm <2.16.11, <3.3.2 - Code Injection
CVSS 3.7
CVE-2020-0363 MEDIUM
Android 11 - Remote Denial of Service via Improper Input Validation in libmedia
CVSS 6.5
CVE-2020-0362 MEDIUM
Android 11 - Remote Denial of Service via Improper Input Validation in libstagefright
CVSS 6.5
CVE-2020-0353 MEDIUM
Android 11 - Remote Denial of Service via libmp4extractor Resource Exhaustion
CVSS 6.5
CVE-2020-0351 MEDIUM
Android 11 - Denial of Service via Improper Input Validation in libstagefright
CVSS 6.5
CVE-2020-0333 CRITICAL
Android 11 - Remote Code Execution via UrlQuerySanitizer Input Validation
CVSS 9.8
CVE-2020-0320 MEDIUM
Android 11 - Remote Denial of Service via Improper Input Validation in libstagefright
CVSS 6.5
CVE-2020-0301 MEDIUM
Android 11 - Remote Denial of Service via Improper Input Validation in libstagefright
CVSS 6.5
CVE-2020-0287 MEDIUM
Android 11 - Remote Denial of Service via Missing Bounds Check in libmkvextractor
CVSS 6.5
CVE-2020-0130 HIGH
Android 11 - Local Privilege Escalation via Screencap Command Injection
CVSS 7.8
CVE-2020-14338 MEDIUM
Xerces < 2.12.0.SP3 - XML Schema Validation Bypass via Grammar Pool Manipulation
CVSS 5.3
CVE-2020-24377 CRITICAL
Freebox OS < 4.2.3 - DNS Rebinding
CVSS 9.6
CVE-2020-24376 CRITICAL
Freebox Server <4.2.3 - DNS Rebinding in UPnP IGD
CVSS 9.6
CVE-2020-24374 CRITICAL
Freebox v5 <1.5.29 - DNS Rebinding
CVSS 9.6
CVE-2020-14513 HIGH
CodeMeter < 6.81 - Denial of Service via Crafted License File
CVSS 7.5
CVE-2020-10715 MEDIUM
openshift/console <4 - Content Spoofing
CVSS 4.3
CVE-2020-25614 CRITICAL
xmlquery < 1.3.1 - Denial of Service via Unchecked LoadURL Response Format
CVSS 9.8
CVE-2020-16099 MEDIUM
Gallagher Command Centre 8.20 < 8.20.1093 - Denial of Service via Guard Tour Event Reporting
CVSS 4.3
CVE-2020-13317 MEDIUM
GitLab <13.1.10-13.3.4 - Privilege Escalation
CVSS 6.5
CVE-2020-1044 MEDIUM
SQL Server Reporting Services - Auth Bypass
CVSS 4.3