CWE-20— Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.— MITRE CWE catalog
11,809 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-20page 135 of 237
- CVE-2020-6334MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6335MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applica…
- CVE-2020-6336MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6337MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6338MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RH file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicati…
- CVE-2020-6339MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6340MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6341MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6342MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6343MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6344MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6345MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6346MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6347MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6348MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6349MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6350MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6351MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6352MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6353MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6354MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6355MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6356MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6357MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6358MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6359MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6360MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6361MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applica…
- CVE-2020-6366MEDIUMCVSS 6.5EG 6.52020-10-20
SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server a…
- CVE-2020-6372HIGHCVSS 7.8EG 7.82020-10-15
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6373HIGHCVSS 7.8EG 7.82020-10-15
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6374HIGHCVSS 7.8EG 7.82020-10-15
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Jupiter Tessallation(.jt) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user…
- CVE-2020-6375MEDIUMCVSS 5.5EG 5.52020-10-15
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable …
- CVE-2020-6376MEDIUMCVSS 5.5EG 5.52020-10-15
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the …
- CVE-2020-6380HIGHCVSS 8.8EG 8.82020-02-11
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension.
- CVE-2020-6385HIGHCVSS 8.8EG 8.82020-02-11
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page.
- CVE-2020-6391MEDIUMCVSS 4.3EG 4.32020-02-11
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
- CVE-2020-6392MEDIUMCVSS 4.3EG 4.32020-02-11
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
- CVE-2020-6393MEDIUMCVSS 6.5EG 6.52020-02-11
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- CVE-2020-6394MEDIUMCVSS 5.4EG 5.42020-02-11
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- CVE-2020-6396MEDIUMCVSS 4.3EG 4.32020-02-11
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- CVE-2020-6397MEDIUMCVSS 6.5EG 6.52020-02-11
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
- CVE-2020-6399MEDIUMCVSS 6.5EG 6.52020-02-11
Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- CVE-2020-6401MEDIUMCVSS 6.5EG 6.52020-02-11
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- CVE-2020-6402HIGHCVSS 8.8EG 8.82020-02-11
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
- CVE-2020-6403MEDIUMCVSS 4.3EG 4.32020-02-11
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- CVE-2020-6411MEDIUMCVSS 5.4EG 5.42020-02-11
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- CVE-2020-6412MEDIUMCVSS 5.4EG 5.42020-02-11
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- CVE-2020-6416HIGHCVSS 8.8EG 8.82020-02-11
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6420HIGHCVSS 8.8EG 8.82020-03-23
Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Map vulnerabilities like CWE-20 to your infrastructure
EchelonGraph correlates every CVE — across CWE-20 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →