CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,582 vulnerabilities with CWE-20
CVE-2020-3126 (LOW, CVSS 3.0): Cisco Webex Meetings Server - Authenticated Security Bypass via Multimedia Viewer Missing Warning Dialog
CVE-2020-1633 (HIGH, CVSS 7.4): Junos OS 17.4-19.2 - Denial of Service via NDP Proxy Feature
CVE-2020-1619 (MEDIUM, CVSS 6.0): Juniper Junos OS - Authenticated Privilege Escalation via NG-RE vmhost Access
CVE-2020-1986 (MEDIUM, CVSS 5.5): Secdo - Authenticated Denial of Service via Improper Input Validation
CVE-2020-1984 (HIGH, CVSS 7.8): Secdo - Privilege Escalation via Hardcoded Script Path
CVE-2020-7614 (CRITICAL, CVSS 9.8): npm-programmatic < 0.0.12 - OS Command Injection via Unvalidated Package and Option Properties
CVE-2020-8147 (CRITICAL, CVSS 9.8): utils-extend < 1.0.8 - Prototype Pollution leading to Remote Code Execution or Denial of Service
CVE-2020-3850 (CRITICAL, CVSS 9.8): macOS Catalina <10.15.3 - Memory Corruption
CVE-2020-3849 (CRITICAL, CVSS 9.8): macOS Catalina <10.15.3 - Memory Corruption
CVE-2020-3848 (CRITICAL, CVSS 9.8): macOS Catalina <10.15.3 - Memory Corruption
CVE-2020-3847 (CRITICAL, CVSS 9.8): macOS Catalina <10.15.3 - Info Disclosure
CVE-2020-10204 (HIGH, CVSS 7.2): Sonatype Nexus < 3.21.2 - Remote Code Execution
CVE-2020-3905 (HIGH, CVSS 7.8): macOS Catalina <10.15.4 - Memory Corruption
CVE-2020-3893 (HIGH, CVSS 7.8): macOS Catalina <10.15.4 - Memory Corruption
CVE-2020-3892 (HIGH, CVSS 7.8): macOS Catalina <10.15.4 - Memory Corruption
CVE-2020-3884 (MEDIUM, CVSS 6.1): macOS Catalina <10.15.4 - Code Injection
CVE-2020-4214 (HIGH, CVSS 7.5): IBM Spectrum Protect Plus 10.1.0-10.1.5 - Unauthenticated Arbitrary Directory Deletion via Improper Input Validation
CVE-2020-4206 (HIGH, CVSS 8.8): IBM Spectrum Protect Plus 10.1.0-10.1.5 - Remote Code Execution via Improper Input Validation
CVE-2020-10374 (CRITICAL, CVSS 9.8): Paessler PRTG Network Monitor 19.2.50-20.1.56 - Unauthenticated Remote Code Execution via Screenshot Function
CVE-2020-5255 (LOW, CVSS 2.6): Symfony <4.4.7, <5.0.7 - Info Disclosure
CVE-2020-10885 (CRITICAL, CVSS 9.8): TP-Link Archer A7 Firmware <190726 - RCE
CVE-2020-2168 (HIGH, CVSS 8.8): Jenkins Azure Container Service Plugin <= 1.0.1 - Remote Code Execution via YAML Parser
CVE-2020-2167 (HIGH, CVSS 8.8): Jenkins OpenShift Pipeline Plugin <= 1.0.56 - Remote Code Execution via YAML Parser
CVE-2020-2166 (HIGH, CVSS 8.8): Jenkins Pipeline: AWS Steps Plugin < 1.40 - Remote Code Execution via YAML Deserialization
CVE-2020-5555 (CRITICAL, CVSS 9.1): Shihonkanri Plus GOOUT - Info Disclosure