CWE-20— Improper Input Validation
11,530 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-20page 132 of 231
- CVE-2020-3567MEDIUMCVSS 6.5EG 6.52020-10-08
A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition o…
- CVE-2020-3568MEDIUMCVSS 5.8EG 5.82020-10-08
A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulner…
- CVE-2020-35683HIGHCVSS 7.5EG 7.52021-08-19
An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller…
- CVE-2020-35684HIGHCVSS 7.5EG 7.52021-08-19
An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation…
- CVE-2020-3571HIGHCVSS 8.6EG 8.62020-10-21
A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an a…
- CVE-2020-3577HIGHCVSS 7.4EG 7.42020-10-21
A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a…
- CVE-2020-35789HIGHCVSS 8.8EG 8.82020-12-30
NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user.
- CVE-2020-3601MEDIUMCVSS 4.4EG 4.42020-10-08
A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validati…
- CVE-2020-3602MEDIUMCVSS 6.3EG 6.32020-10-08
A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validati…
- CVE-2020-3611HIGHCVSS 7.8EG 7.82020-09-08
u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Netw…
- CVE-2020-3617HIGHCVSS 7.1EG 7.12020-09-09
u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure.' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial I…
- CVE-2020-36175MEDIUMCVSS 5.3EG 5.32021-01-06
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field.
- CVE-2020-36195CRITICALCVSS 9.8EG 9.82021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed…
- CVE-2020-36199CRITICALCVSS 9.8EG 9.82021-01-26
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.
- CVE-2020-3621MEDIUMCVSS 5.5EG 5.52020-09-08
u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdr…
- CVE-2020-3622HIGHCVSS 7.8EG 7.82020-09-08
u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Con…
- CVE-2020-3623HIGHCVSS 7.8EG 7.82020-06-02
kernel failure due to load failures while running v1 path directly via kernel in Snapdragon Mobile in SM8250, SXR2130
- CVE-2020-36231MEDIUMCVSS 4.3EG 4.32021-02-02
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before…
- CVE-2020-36315MEDIUMCVSS 5.3EG 5.32021-04-07
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The produc…
- CVE-2020-36332HIGHCVSS 7.5EG 7.52021-05-21
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
- CVE-2020-3648HIGHCVSS 7.8EG 7.82020-09-08
u'Possible out of bound write in DSP driver code due to lack of check of data received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snap…
- CVE-2020-3652CRITICALCVSS 9.1EG 9.12020-04-16
Possible buffer over-read issue in windows x86 wlan driver function while processing beacon or request frame due to lack of check of length of variable received. in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, S…
- CVE-2020-3653CRITICALCVSS 9.1EG 9.12020-04-16
Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850
- CVE-2020-36564HIGHCVSS 7.5EG 7.52022-12-27
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.
- CVE-2020-3676HIGHCVSS 7.8EG 7.82020-06-22
Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, Kamorta, MSM891…
- CVE-2020-3698CRITICALCVSS 9.8EG 9.82020-07-30
Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Sna…
- CVE-2020-3703CRITICALCVSS 9.8EG 9.82020-11-02
u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central device(This CVE is equivalent to Link Layer Length Overfow issue (CVE-2019-16336,CVE-2019-17519) a…
- CVE-2020-3704HIGHCVSS 7.5EG 7.52020-11-02
u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead peripheral system enter into dead lock state.(This CVE is equivalent to InvalidConnectionRequest(CVE-2019-19193)…
- CVE-2020-37216HIGHCVSS 7.5EG 7.52026-04-03
Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attacker…
- CVE-2020-3767MEDIUMCVSS 6.5EG 6.52020-06-26
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).
- CVE-2020-3794CRITICALCVSS 9.8EG 9.82020-03-25
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory.
- CVE-2020-3810MEDIUMCVSS 5.5EG 5.52020-05-15
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.
- CVE-2020-3811HIGHCVSS 7.5EG 7.52020-05-26
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.
- CVE-2020-3839MEDIUMCVSS 5.5EG 5.52020-02-27
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.3. An application may be able to read restricted memory.
- CVE-2020-3846HIGHCVSS 8.8EG 8.82020-02-27
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows…
- CVE-2020-3847CRITICALCVSS 9.8EG 9.82020-04-01
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory.
- CVE-2020-3848CRITICALCVSS 9.8EG 9.82020-04-01
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
- CVE-2020-3849CRITICALCVSS 9.8EG 9.82020-04-01
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
- CVE-2020-3850CRITICALCVSS 9.8EG 9.82020-04-01
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
- CVE-2020-3852MEDIUMCVSS 5.3EG 5.32020-10-27
A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website.
- CVE-2020-3856HIGHCVSS 7.8EG 7.82020-02-27
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted string may lead to heap corru…
- CVE-2020-3860HIGHCVSS 7.8EG 7.82020-02-27
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
- CVE-2020-3884MEDIUMCVSS 6.1EG 6.12020-04-01
An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution.
- CVE-2020-3892HIGHCVSS 7.8EG 7.82020-04-01
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.
- CVE-2020-3893HIGHCVSS 7.8EG 7.82020-04-01
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.
- CVE-2020-3898HIGHCVSS 7.8EG 7.82020-10-22
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges.
- CVE-2020-3905HIGHCVSS 7.8EG 7.82020-04-01
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.
- CVE-2020-3943CRITICALCVSS 9.8EG 9.82020-02-19
vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Hor…
- CVE-2020-3953MEDIUMCVSS 4.8EG 4.82020-04-15
Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
- CVE-2020-3954MEDIUMCVSS 6.1EG 6.12020-04-15
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.
Map vulnerabilities like CWE-20 to your infrastructure
EchelonGraph correlates every CVE — across CWE-20 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →