CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,467 vulnerabilities with CWE-20
CVE-2022-32486 HIGH
Dell BIOS < 2.21.0 - Authenticated Arbitrary Code Execution in SMRAM via SMI
CVSS 7.5
CVE-2022-40227 HIGH
SIMATIC HMI Comfort/KTP Basic Panels < V17 Update 5 - DoS via TCP Packet
CVSS 7.5
CVE-2022-36363 MEDIUM
Siemens LOGO! 8 BM Firmware - Information Disclosure via Improper Offset Validation in TCP Packets
CVSS 5.3
CVE-2022-36362 HIGH
Siemens LOGO! and SIPLUS LOGO! - Unauthenticated Denial of Service via IP Address Manipulation
CVSS 7.5
CVE-2022-31766 HIGH
Siemens SCALANCE and RUGGEDCOM Firmware - Unauthenticated Denial of Service via Malformed TCP Event Packets
CVSS 8.6
CVE-2022-42012 MEDIUM
Freedesktop Dbus < 1.12.24 - Improper Input Validation
CVSS 6.5
CVE-2022-39281 MEDIUM
Fatfreecrm < 0.20.1 - Improper Input Validation
CVSS 6.5
CVE-2022-39291 MEDIUM
ZoneMinder < 1.36.27 - Log Injection via /zm/index.php Endpoint
CVSS 5.4
CVE-2022-32591 HIGH
Android - Denial of Service via Incorrect Bounds Check in ril
CVSS 7.5
CVE-2022-39863 LOW
Samsung Account < 13.5.01.3 - Intent Redirection
CVSS 3.6
CVE-2022-36868 MEDIUM
Android - MAC Address Leak via MouseNKeyHidDevice Intent Broadcast
CVSS 5.9
CVE-2022-39275 MEDIUM
Saleor 2.0.0-3.1.24 - Authenticated Information Exposure via GraphQL Mutation ID Type Validation Bypass
CVSS 5.3
CVE-2022-40923 MEDIUM
LIEF v0.12.1 - Denial of Service via Crafted MachO File
CVSS 6.5
CVE-2022-20945 HIGH
Cisco Catalyst 9800 Series Firmware 17.6-17.6.4 DoS via 802.11 Association Frame
CVSS 7.4
CVE-2022-20850 MEDIUM
Cisco SD-WAN vBond, vManage, vSmart & IOS XE SD-WAN - Authenticated Arbitrary File Deletion via CLI
CVSS 5.5
CVE-2022-40277 HIGH
Joplin 2.8.8 - Remote Code Execution via Malicious Markdown Link Schema
CVSS 7.8
CVE-2022-2529 HIGH
cloudflare/goflow < 3.4.4 - Denial of Service via Malformed sFlow Packet
CVSS 7.5
CVE-2022-39232 MEDIUM
Discourse 2.9.0.beta5-2.9.0.beta10 - Denial of Service via Incomplete Quote Handling
CVSS 6.5
CVE-2022-39226 MEDIUM
Discourse < 2.8.9 - Denial of Service via Large Payload in User Profile Fields
CVSS 4.3
CVE-2022-39266 CRITICAL
isolated-vm < 4.3.6 - Sandbox Bypass via Untrusted CachedData
CVSS 9.6
CVE-2022-31629 MEDIUM
PHP <7.4.31, 8.0.24, 8.1.11 - Info Disclosure
CVSS 6.5
CVE-2022-39236 MEDIUM
Matrix Javascript SDK 17.1.0-19.7.0 - Improper Input Validation in Beacon Event Processing
CVSS 4.3
CVE-2022-36448 HIGH
Insyde InsydeH2O 5.0-5.5 - SMM Memory Corruption via PnpSmm Driver
CVSS 8.2
CVE-2022-22525 HIGH
Carlo Gavazzi UWP3.0 - Command Injection
CVSS 7.2
CVE-2022-3201 MEDIUM
Google Chrome <105.0.5195.125 - CSRF
CVSS 5.4