The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,582 vulnerabilities with CWE-20
CVE-2020-10837
CRITICAL
Samsung mobile devices P(9.0)-Q(10.0) - RCE
CVSS 9.8
CVE-2020-1747
CRITICAL
PyYAML < 5.3.1 - Remote Code Execution via python/object/new Constructor
CVSS 9.8
CVE-2020-6425
MEDIUM
Google Chrome < 80.0.3987.149 - Site Isolation Bypass via Malicious Extension
CVSS 5.4
CVE-2020-10648
HIGH
Das U-Boot through 2020.01 - Verified Boot Bypass via Crafted FIT Image
CVSS 7.8
CVE-2020-8787
HIGH
SuiteCRM <7.10.23, <7.11.11 - Info Disclosure
CVSS 7.5
CVE-2020-10240
MEDIUM
Joomla! 3.0.0-3.9.15 - User Identifier Collision via Missing Length Checks
CVSS 5.3
CVE-2020-10567
CRITICAL
Responsive Filemanager <9.14.0 - Code Injection
CVSS 9.8
CVE-2020-0567
MEDIUM
Intel Graphics Driver < 26.20.100.7212 - Authenticated Denial of Service via Local Access
CVSS 5.5
CVE-2020-0526
MEDIUM
Intel NUC Firmware - Privilege Escalation via Improper Input Validation
CVSS 6.7
CVE-2020-0808
HIGH
Windows 10 and Windows Server 2016/2019 - Elevation of Privilege via Provisioning Runtime File Validation
CVSS 7.8
CVE-2020-7253
MEDIUM
McAfee Agent < 5.6.4 - Local Self-Protection Bypass via masvc.exe Command-Line Utility
CVSS 5.7
CVE-2020-5203
CRITICAL
Fat-Free Framework < 3.7.2 - Remote Code Execution via Clear Method
CVSS 9.8
CVE-2020-6202
HIGH
SAP NetWeaver Application Server Java - Missing XML Validation
CVSS 7.2
CVE-2020-0050
MEDIUM
Android 10 - Local Privilege Escalation via Improper Input Validation in nfa_hciu_send_msg
CVSS 6.7
CVE-2020-0041
HIGH
KEV
Android - Local Privilege Escalation via Binder Transaction Bounds Check
CVSS 7.8
CVE-2020-10255
CRITICAL
DDR4 and LPDDR4 DRAM - Many-sided RowHammer via Target Row Refresh Bypass
CVSS 9.0
CVE-2020-10236
MEDIUM
Froxlor < 0.10.14 - Information Disclosure and Denial of Service via Static /tmp File Creation
CVSS 6.1
CVE-2020-10101
HIGH
Zammad 3.0-3.2 - Denial of Service via Non-JSON WebSocket Message
CVSS 7.5
CVE-2020-3164
MEDIUM
Cisco Email Security Appliance < 13.0.0-392 - Unauthenticated Denial of Service via HTTP Request Header
CVSS 5.3
CVE-2020-3128
HIGH
Cisco Webex Network Recording Player and Webex Player - Remote Code Execution via Malicious ARF or WRF File
CVSS 7.8
CVE-2020-3127
HIGH
Cisco Webex Network Recording Player and Webex Player - Remote Code Execution via Malicious ARF or WRF File
CVSS 7.8
CVE-2020-5403
HIGH
Reactor Netty HttpServer 0.9.3-0.9.4 - Denial of Service via URISyntaxException
CVSS 7.5
CVE-2020-6797
MEDIUM
Firefox < 73.0 and Firefox ESR < 68.5.0 - Arbitrary Application Launch via .fileloc Extension
CVSS 4.3
CVE-2020-8132
CRITICAL
pdf-image <= 2.0.0 - Remote Code Execution via Untrusted PDF File Path
CVSS 9.8
CVE-2020-9430
HIGH
Wireshark 2.6.0-2.6.14, 3.0.0-3.0.8, 3.2.0-3.2.1 - Denial of Service in WiMax DLMAP Dissector
CVSS 7.5
Details
Vulnerabilities: 12,582
Exploit Likelihood: High