CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,582 vulnerabilities with CWE-20
CVE-2020-3357 CRITICAL
Cisco Small Business RV340-345 - RCE/DoS
CVSS 9.8
CVE-2020-3345 MEDIUM
Cisco Webex Meetings < 40.6.0 and Webex Meetings Server < 4.0 - Cross-Site Scripting
CVSS 4.3
CVE-2020-3323 CRITICAL
Cisco Small Business RV110W-215W - RCE
CVSS 9.8
CVE-2020-14503 CRITICAL
Advantech iView < 5.6 - Remote Code Execution
CVSS 9.8
CVE-2020-1355 HIGH
Windows 10 and Windows Server 2016 - Remote Code Execution in Font Driver Host
CVSS 7.8
CVE-2020-1350 CRITICAL KEV
Windows Server 2008, 2012, 2016, 2019 - Remote Code Execution in DNS Server
CVSS 10.0
CVE-2020-1043 CRITICAL
Windows Server 2008, 2012, 2016 - Authenticated Remote Code Execution via Hyper-V RemoteFX vGPU Input Validation
CVSS 9.0
CVE-2020-1042 CRITICAL
Windows Server 2008, 2012, 2016 - Authenticated Remote Code Execution via Hyper-V RemoteFX vGPU Input
CVSS 9.0
CVE-2020-1041 CRITICAL
Windows Server 2008, 2012, 2016 - Authenticated Remote Code Execution via Hyper-V RemoteFX vGPU Input
CVSS 9.0
CVE-2020-1040 CRITICAL KEV
Windows Server 2008, 2012, 2016 - Authenticated Remote Code Execution via Hyper-V RemoteFX vGPU Input Validation
CVSS 9.0
CVE-2020-1036 CRITICAL
Windows Server 2008, 2012, 2016 - Authenticated Remote Code Execution via Hyper-V RemoteFX vGPU Input
CVSS 9.0
CVE-2020-1032 CRITICAL
Windows Server 2008, 2012, 2016 - Authenticated Remote Code Execution via Hyper-V RemoteFX vGPU Input
CVSS 9.0
CVE-2020-1025 CRITICAL
Microsoft SharePoint Server/Skype for Business Server - Privilege E...
CVSS 9.8
CVE-2020-7588 MEDIUM
Siemens SIMATIC Products - Partial Denial of Service via Crafted Packet
CVSS 5.3
CVE-2020-13753 CRITICAL
WebKitGTK and WPE WebKit < 2.28.3 - Sandbox Escape via CLONE_NEWUSER and TIOCSTI
CVSS 10.0
CVE-2020-8195 MEDIUM KEV
Citrix ADC/Gateway <13.0-58.30 - Info Disclosure
CVSS 6.5
CVE-2020-8187 HIGH
Citrix ADC/Gateway <11.1-63.9, 12.0-62.10 - DoS
CVSS 7.5
CVE-2020-9258 MEDIUM
HUAWEI P30 Firmware < 10.1.0.135(C00E135R2P11) - Information Disclosure via Improper Input Validation
CVSS 5.5
CVE-2020-7814 HIGH
RAONWIZ RAON KUpload < 2018.0.2.51 - Remote Code Execution via Unvalidated File Extension
CVSS 7.8
CVE-2020-15584 MEDIUM
Android - Out-of-Bounds Access via 4K Wallpaper Image Processing
CVSS 5.5
CVE-2020-15543 CRITICAL
SolarWinds Serv-U FTP Server < 15.2.1 - Path Traversal via Unvalidated Argument
CVSS 9.8
CVE-2020-15503 HIGH
LibRaw < 0.20-RC1 - Heap-Based Buffer Overflow via Unvalidated Thumbnail Length
CVSS 7.5
CVE-2020-9497 MEDIUM
Apache Guacamole < 1.1.0 - Information Disclosure via RDP Static Virtual Channel Data
CVSS 4.4
CVE-2020-7821 HIGH
Nexacro14/17 ExtCommonApiV13 <2019.9.6 - RCE
CVSS 7.8
CVE-2020-7820 HIGH
Nexacro14/17 ExtCommonApiV13 Library <2019.9.6 - RCE
CVSS 7.8
Details
Vulnerabilities 12,582
Exploit Likelihood High