CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,582 vulnerabilities with CWE-20
CVE-2020-10837 CRITICAL
Samsung mobile devices P(9.0)-Q(10.0) - RCE
CVSS 9.8
CVE-2020-1747 CRITICAL
PyYAML < 5.3.1 - Remote Code Execution via python/object/new Constructor
CVSS 9.8
CVE-2020-6425 MEDIUM
Google Chrome < 80.0.3987.149 - Site Isolation Bypass via Malicious Extension
CVSS 5.4
CVE-2020-10648 HIGH
Das U-Boot through 2020.01 - Verified Boot Bypass via Crafted FIT Image
CVSS 7.8
CVE-2020-8787 HIGH
SuiteCRM <7.10.23, <7.11.11 - Info Disclosure
CVSS 7.5
CVE-2020-10240 MEDIUM
Joomla! 3.0.0-3.9.15 - User Identifier Collision via Missing Length Checks
CVSS 5.3
CVE-2020-10567 CRITICAL
Responsive Filemanager <9.14.0 - Code Injection
CVSS 9.8
CVE-2020-0567 MEDIUM
Intel Graphics Driver < 26.20.100.7212 - Authenticated Denial of Service via Local Access
CVSS 5.5
CVE-2020-0526 MEDIUM
Intel NUC Firmware - Privilege Escalation via Improper Input Validation
CVSS 6.7
CVE-2020-0808 HIGH
Windows 10 and Windows Server 2016/2019 - Elevation of Privilege via Provisioning Runtime File Validation
CVSS 7.8
CVE-2020-7253 MEDIUM
McAfee Agent < 5.6.4 - Local Self-Protection Bypass via masvc.exe Command-Line Utility
CVSS 5.7
CVE-2020-5203 CRITICAL
Fat-Free Framework < 3.7.2 - Remote Code Execution via Clear Method
CVSS 9.8
CVE-2020-6202 HIGH
SAP NetWeaver Application Server Java - Missing XML Validation
CVSS 7.2
CVE-2020-0050 MEDIUM
Android 10 - Local Privilege Escalation via Improper Input Validation in nfa_hciu_send_msg
CVSS 6.7
CVE-2020-0041 HIGH KEV
Android - Local Privilege Escalation via Binder Transaction Bounds Check
CVSS 7.8
CVE-2020-10255 CRITICAL
DDR4 and LPDDR4 DRAM - Many-sided RowHammer via Target Row Refresh Bypass
CVSS 9.0
CVE-2020-10236 MEDIUM
Froxlor < 0.10.14 - Information Disclosure and Denial of Service via Static /tmp File Creation
CVSS 6.1
CVE-2020-10101 HIGH
Zammad 3.0-3.2 - Denial of Service via Non-JSON WebSocket Message
CVSS 7.5
CVE-2020-3164 MEDIUM
Cisco Email Security Appliance < 13.0.0-392 - Unauthenticated Denial of Service via HTTP Request Header
CVSS 5.3
CVE-2020-3128 HIGH
Cisco Webex Network Recording Player and Webex Player - Remote Code Execution via Malicious ARF or WRF File
CVSS 7.8
CVE-2020-3127 HIGH
Cisco Webex Network Recording Player and Webex Player - Remote Code Execution via Malicious ARF or WRF File
CVSS 7.8
CVE-2020-5403 HIGH
Reactor Netty HttpServer 0.9.3-0.9.4 - Denial of Service via URISyntaxException
CVSS 7.5
CVE-2020-6797 MEDIUM
Firefox < 73.0 and Firefox ESR < 68.5.0 - Arbitrary Application Launch via .fileloc Extension
CVSS 4.3
CVE-2020-8132 CRITICAL
pdf-image <= 2.0.0 - Remote Code Execution via Untrusted PDF File Path
CVSS 9.8
CVE-2020-9430 HIGH
Wireshark 2.6.0-2.6.14, 3.0.0-3.0.8, 3.2.0-3.2.1 - Denial of Service in WiMax DLMAP Dissector
CVSS 7.5