CWE-20: Improper Input Validation
11,530 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-20 (page 135 of 231)
- CVE-2020-6335 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applica…
- CVE-2020-6336 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6337 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6338 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RH file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicati…
- CVE-2020-6339 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6340 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6341 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6342 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6343 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6344 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6345 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6346 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6347 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6348 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6349 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6350 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6351 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6352 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6353 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6354 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6355 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6356 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6357 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6358 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6359 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6360 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6361 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applica…
- CVE-2020-6366 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-10-20
SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server a…
- CVE-2020-6372 | HIGH | CVSS 7.8 | EG 7.8 | 2020-10-15
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6373 | HIGH | CVSS 7.8 | EG 7.8 | 2020-10-15
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6374 | HIGH | CVSS 7.8 | EG 7.8 | 2020-10-15
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Jupiter Tessellation (.jt) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user…
- CVE-2020-6375 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-10-15
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable …
- CVE-2020-6376 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-10-15
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the …
- CVE-2020-6380 | HIGH | CVSS 8.8 | EG 8.8 | 2020-02-11
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension.
- CVE-2020-6385 | HIGH | CVSS 8.8 | EG 8.8 | 2020-02-11
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
- CVE-2020-6391 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-02-11
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
- CVE-2020-6392 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-02-11
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
- CVE-2020-6393 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-02-11
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- CVE-2020-6394 | MEDIUM | CVSS 5.4 | EG 5.4 | 2020-02-11
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- CVE-2020-6396 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-02-11
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- CVE-2020-6397 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-02-11
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
- CVE-2020-6399 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-02-11
Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- CVE-2020-6401 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-02-11
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- CVE-2020-6402 | HIGH | CVSS 8.8 | EG 8.8 | 2020-02-11
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
- CVE-2020-6403 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-02-11
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- CVE-2020-6411 | MEDIUM | CVSS 5.4 | EG 5.4 | 2020-02-11
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- CVE-2020-6412 | MEDIUM | CVSS 5.4 | EG 5.4 | 2020-02-11
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- CVE-2020-6416 | HIGH | CVSS 8.8 | EG 8.8 | 2020-02-11
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6420 | HIGH | CVSS 8.8 | EG 8.8 | 2020-03-23
Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
- CVE-2020-6425 | MEDIUM | CVSS 5.4 | EG 5.4 | 2020-03-23
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.