CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,467 vulnerabilities with CWE-20
CVE-2022-46365 CRITICAL
Apache StreamPark <2.0.0 - Auth Bypass
CVSS 9.1
CVE-2022-25273 HIGH
Drupal 8.0.0-9.2.17 - Improper Input Validation in Form API
CVSS 7.5
CVE-2022-29606 CRITICAL
ONOS 2.5.1 - Improper Input Validation in Intent Framework
CVSS 9.8
CVE-2022-33211 CRITICAL
Qualcomm Modem Firmware - Memory Corruption
CVSS 9.8
CVE-2022-42477 HIGH
FortiAnalyzer 6.4.0-7.0.6 and 7.2.1 - Authenticated File System Information Disclosure via Custom Dataset SQL Queries
CVSS 7.1
CVE-2022-47192 HIGH
Generex CS141 Firmware < 2.06 - Unauthenticated Administrator Password Reset via Backup File Upload
CVSS 8.8
CVE-2022-47191 MEDIUM
Generex UPS CS141 <2.06 - Privilege Escalation
CVSS 4.3
CVE-2022-47190 CRITICAL
Generex CS141 Firmware < 2.06 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Firmware Update
CVSS 10.0
CVE-2022-47189 HIGH
Generex UPS CS141 <2.06 - Info Disclosure
CVSS 7.5
CVE-2022-47188 HIGH
Generex UPS CS141 <2.06 - Info Disclosure
CVSS 7.5
CVE-2022-48356 HIGH
Huawei EMUI - Denial of Service in Facial Recognition Module
CVSS 7.5
CVE-2022-47925 HIGH
csaf-validator-lib < 0.1.0 - Unauthenticated Denial of Service via Validate JSON Endpoint
CVSS 7.5
CVE-2022-47924 MEDIUM
csaf-validator-lib < 0.1.0 - Arbitrary Code Execution and Denial of Service via Crafted Validate Function Arguments
CVSS 6.5
CVE-2022-42500 MEDIUM
Android - Local Privilege Escalation via OEM_OnRequest Improper Input Validation
CVSS 6.7
CVE-2022-20542 HIGH
Android 13 - Local Privilege Escalation via Missing Bounds Check in parseParamsBlob
CVSS 7.8
CVE-2022-47502 HIGH
Apache OpenOffice < 4.1.13 - Arbitrary Script Execution via Macro Link URI Scheme
CVSS 7.8
CVE-2022-43863 MEDIUM
IBM QRadar SIEM <7.5 - Privilege Escalation
CVSS 6.7
CVE-2022-3767 HIGH
GitLab Dynamic Application Security Testing Analyzer 1.11.0-3.0.32 - Improper Input Validation in Custom Request Headers
CVSS 7.7
CVE-2022-4904 HIGH
c-ares < 1.19.0 - Denial of Service via ares_set_sortlist Input Validation
CVSS 8.6
CVE-2022-3294 MEDIUM
kubernetes <1.22.16 and 1.25.0-1.25.4 - Authenticated Server-Side Request Forgery via Node Proxy Validation Bypass
CVSS 6.6
CVE-2022-20952 MEDIUM
Cisco AsyncOS 11.8-13.9 - Unauthenticated Traffic Filter Bypass via Malformed HTTP Response
CVSS 5.3
CVE-2022-40237 MEDIUM
IBM MQ for HPE NonStop 8.1.0 - Denial of Service via CCDT and Channel Synchronization Logic
CVSS 6.5
CVE-2022-48321 MEDIUM
Checkmk <=2.1.0p11 - Limited Server-Side Request Forgery via Host Registration API
CVSS 6.8
CVE-2022-47909 MEDIUM
Checkmk <= 2.1.0p11, <= 2.0.0p28, 1.6.0 - Livestatus Query Language Injection via AuthUser HTTP Header
CVSS 6.8
CVE-2022-46836 CRITICAL
Tribe29's Checkmk <2.1.0p10-<2.0.0p27-<1.6.0p29 - Code Injection
CVSS 9.1