CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,467 vulnerabilities with CWE-20
CVE-2022-38408 HIGH
Adobe Illustrator <26.4, 25.4.7 - RCE
CVSS 7.8
CVE-2022-35415 HIGH
NI Configuration Manager < 22.5.0 - Privilege Escalation via Improper Input Validation
CVSS 7.8
CVE-2022-1798 HIGH
kubevirt 0.20.0-0.55.1 - Path Traversal
CVSS 8.7
CVE-2022-3001 HIGH
Milesight Video Management Systems Firmware < 40.7.0.79 - Denial of Service via Crafted HTTP Request
CVSS 7.5
CVE-2022-29922 HIGH
Hitachi Energy MicroSCADA X SYS600 9.0-10.3.1 - Denial of Service via IEC 61850 OPC Server Packet Handling
CVSS 7.5
CVE-2022-29492 MEDIUM
Hitachi Energy MicroSCADA X SYS600 10-10.3.1 & Pro SYS600 9.0-9.4 FP2 HF4 - DoS via Malformed IEC 104 Packet
CVSS 5.3
CVE-2022-20392 HIGH
Android - Local Privilege Escalation via Improper Permission Validation
CVSS 7.8
CVE-2022-36087 MEDIUM
oauthlib 3.1.1-3.2.1 - Open Redirect via URI Validation Bypass
CVSS 5.7
CVE-2022-3169 MEDIUM
Linux Kernel - Denial of Service via NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET
CVSS 5.5
CVE-2022-36873 MEDIUM
Samsung Galaxy Watch Plugin < 2.2.11.22081151 - MAC Address Leak via GalaxyStoreBridgePageLinker Intent
CVSS 5.9
CVE-2022-36859 MEDIUM
Samsung SmartTagPlugin < 1.2.21-6 - Cross-Site Scripting
CVSS 5.7
CVE-2022-36854 MEDIUM
Android - Out-of-Bounds Read in libapexjni.media.samsung.so
CVSS 4.0
CVE-2022-36853 LOW
Android Photo Editor - Information Disclosure via Intent Redirection
CVSS 3.3
CVE-2022-36850 MEDIUM
Android CallBGProvider - Path Traversal and Arbitrary File Write
CVSS 4.0
CVE-2022-36085 HIGH
Open Policy Agent 0.40.0-0.43.0 - Unsafe Builtin Bypass via 'with' Keyword
CVSS 7.4
CVE-2022-36082 MEDIUM
mangadex-downloader <1.7.2 - Path Traversal
CVSS 5.3
CVE-2022-36058 HIGH
Elrond go <1.3.34 - Info Disclosure
CVSS 7.5
CVE-2022-36032 MEDIUM
ReactPHP HTTP 0.7.0-1.7.0 - Cookie Prefix Spoofing via URL Decoding
CVSS 5.3
CVE-2022-31020 HIGH
Indy Node <1.12.4 - Authenticated RCE
CVSS 8.8
CVE-2022-30331 HIGH
TigerGraph 3.6.0 - Remote Code Execution via User-Defined Functions
CVSS 8.8
CVE-2022-28199 MEDIUM
NVIDIA DPDK 19.11_1.0.0-20.11_5.0.0 DoS & Data Integrity via Input Validation
CVSS 6.5
CVE-2022-1271 HIGH
GNU gzip - Arbitrary File Write via Crafted Multi-Line Filename
CVSS 8.8
CVE-2022-29850 HIGH
Lexmark Multiple Models Firmware Persistence Across Reboots via Compromised Device
CVSS 8.1
CVE-2022-34916 CRITICAL
Apache Flume 1.4.0-1.10.0 - Remote Code Execution via JMS Source JNDI LDAP URI
CVSS 9.8
CVE-2022-34345 MEDIUM
Intel LAPBC510 and LAPBC710 Firmware < BC0076 - Privilege Escalation via Physical Access
CVSS 6.2