CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,591 vulnerabilities with CWE-20
CVE-2020-10236 MEDIUM
Froxlor < 0.10.14 - Information Disclosure and Denial of Service via Static /tmp File Creation
CVSS 6.1
CVE-2020-10101 HIGH
Zammad 3.0-3.2 - Denial of Service via Non-JSON WebSocket Message
CVSS 7.5
CVE-2020-3164 MEDIUM
Cisco Email Security Appliance < 13.0.0-392 - Unauthenticated Denial of Service via HTTP Request Header
CVSS 5.3
CVE-2020-3128 HIGH
Cisco Webex Network Recording Player and Webex Player - Remote Code Execution via Malicious ARF or WRF File
CVSS 7.8
CVE-2020-3127 HIGH
Cisco Webex Network Recording Player and Webex Player - Remote Code Execution via Malicious ARF or WRF File
CVSS 7.8
CVE-2020-5403 HIGH
Reactor Netty HttpServer 0.9.3-0.9.4 - Denial of Service via URISyntaxException
CVSS 7.5
CVE-2020-6797 MEDIUM
Firefox < 73.0 and Firefox ESR < 68.5.0 - Arbitrary Application Launch via .fileloc Extension
CVSS 4.3
CVE-2020-8132 CRITICAL
pdf-image <= 2.0.0 - Remote Code Execution via Untrusted PDF File Path
CVSS 9.8
CVE-2020-9430 HIGH
Wireshark 2.6.0-2.6.14, 3.0.0-3.0.8, 3.2.0-3.2.1 - Denial of Service in WiMax DLMAP Dissector
CVSS 7.5
CVE-2020-3860 HIGH
iOS <13.3.1-iPadOS <13.3.1-watchOS <6.1.2 - Memory Corruption
CVSS 7.8
CVE-2020-3856 HIGH
iPadOS < 13.3.1 - Memory Corruption via Maliciously Crafted String
CVSS 7.8
CVE-2020-3846 HIGH
iCloud < 7.17 - Buffer Overflow via Malicious XML Processing
CVSS 8.8
CVE-2020-3839 MEDIUM
macOS Catalina <10.15.3 - Info Disclosure
CVSS 5.5
CVE-2020-3172 HIGH
Cisco FXOS/NX-OS RCE/DoS via Cisco Discovery Protocol
CVSS 8.8
CVE-2020-3170 MEDIUM
Cisco NX-OS < 8.4(1) - Unauthenticated Denial of Service via NX-API HTTP Header
CVSS 5.3
CVE-2020-3166 MEDIUM
Cisco FXOS Software - Privilege Escalation
CVSS 6.7
CVE-2020-4212 CRITICAL
IBM Spectrum Protect 10.1.0-10.1.5 - Remote Code Execution via HTTP Command
CVSS 9.8
CVE-2020-5243 MEDIUM
uap-core < 0.7.3 - Denial of Service via User-Agent Regex Processing
CVSS 5.7
CVE-2020-6977 MEDIUM
GE Ultrasound Products - Desktop Environment Escape
CVSS 6.8
CVE-2020-3160 MEDIUM
Cisco Meeting Server < 2.8.0 - Unauthenticated Denial of Service via XMPP Packet Input Validation
CVSS 5.3
CVE-2020-1811 HIGH
GaussDB 200 <6.5.1 - Command Injection
CVSS 8.8
CVE-2020-1828 HIGH
Huawei NIP6800 <V500R001C30-V500R005C00 & Secospace USG6600/9500 <V...
CVSS 7.5
CVE-2020-9013 MEDIUM
Arvato Skillpipe 3.0 - Unauthenticated Print Restriction Bypass via Watermark Div Removal
CVSS 4.3
CVE-2020-8843 HIGH
Istio 1.3.0-1.3.6 - Policy Bypass via x-istio-attributes Header
CVSS 7.4
CVE-2020-8614 CRITICAL
Askey AP4000W TDC_V1.01.003 - Remote Code Execution via bd_svr Service
CVSS 9.8