CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,591 vulnerabilities with CWE-20
CVE-2020-5215 MEDIUM
TensorFlow < 1.15.2 - Denial of Service via String to tf.float16 Conversion
CVSS 5.0
CVE-2020-8087 CRITICAL
SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA - Command Injection
CVSS 9.8
CVE-2020-3139 MEDIUM
Cisco Application Policy Infrastructure Controller < 4.2(3j) - Unauthenticated IP Table Rule Bypass
CVSS 5.3
CVE-2020-3134 MEDIUM
Cisco Email Security Appliance < 13.0 - Unauthenticated Denial of Service via Zip Decompression Engine
CVSS 6.5
CVE-2020-6965 CRITICAL
GE Healthcare ApexPro Telemetry Server < 4.2 - Authenticated Arbitrary File Upload via Software Update Mechanism
CVSS 9.9
CVE-2020-6963 CRITICAL
GE Healthcare ApexPro Telemetry Server < 4.2 - Remote Code Execution via Hardcoded SMB Credentials
CVSS 10.0
CVE-2020-6962 CRITICAL
GE Healthcare ApexPro Telemetry Server < 4.2 - Remote Code Execution via Web Configuration Utility
CVSS 10.0
CVE-2020-6638 HIGH
Grin < 2.1.1 - Improper Input Validation
CVSS 7.5
CVE-2020-7058 HIGH
Cacti 1.2.8 - Remote Code Execution via Data Input Methods Unix Ping Host
CVSS 8.8
CVE-2020-0617 MEDIUM
Microsoft Hyper-V - Denial of Service via Virtual PCI Input Validation
CVSS 6.0
CVE-2020-0606 HIGH
.NET Framework - Remote Code Execution via Unchecked File Markup
CVSS 8.8
CVE-2020-0605 HIGH
.NET Framework - Remote Code Execution via Unchecked File Source Markup
CVSS 8.8
CVE-2020-6304 HIGH
SAP NetWeaver Internet Communication Manager <7.53 - DoS
CVSS 7.5
CVE-2020-5519 CRITICAL
OpenLiteSpeed < 1.6.5 - Unauthenticated Server-Side Request Forgery via WebAdmin Console
CVSS 9.8
CVE-2019-11098 MEDIUM
EDK II - Unauthenticated Privilege Escalation, Denial of Service and Information Disclosure via Physical Access
CVSS 6.8
CVE-2019-11781 HIGH
Odoo < 12.0 - Unauthenticated Privilege Escalation via Portal Component
CVSS 8.8
CVE-2019-8857 LOW
iPadOS < 13.3 - Unintended Live Photo Data Exposure via iCloud Link Sharing
CVSS 3.3
CVE-2019-8853 MEDIUM
macOS < 10.15.4 - Unprotected Memory Exposure via Input Validation Issue
CVSS 5.5
CVE-2019-8664 MEDIUM
iPhone OS < 12.3 and watchOS < 5.2.1 - Denial of Service via Maliciously Crafted Message
CVSS 6.5
CVE-2019-8774 MEDIUM
iPadOS < 13.1 - Denial of Service via Maliciously Crafted iBooks File
CVSS 5.5
CVE-2019-8737 MEDIUM
macOS < 10.15.1 - Denial of Service via Improper Input Validation
CVSS 6.5
CVE-2019-8736 MEDIUM
macOS < 10.15 - Unprotected User Data Exposure via Input Validation Issue
CVSS 6.5
CVE-2019-8668 MEDIUM
iPhone OS < 12.4 - Denial of Service via Maliciously Crafted Image
CVSS 5.5
CVE-2019-8640 HIGH
macOS < 10.14.5 - Sandbox Restriction Bypass via Logic Issue
CVSS 7.5
CVE-2019-8633 HIGH
iPhone OS <12.3, macOS 10.13.6-10.14.5, tvOS <12.3, watchOS <5.3 - Unauthorized Memory Read
CVSS 7.5