CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,467 vulnerabilities with CWE-20
CVE-2022-31778 HIGH
Apache Traffic Server 8.0.0-9.0.2 - Cache Poisoning via Transfer-Encoding Header
CVSS 7.5
CVE-2022-28129 HIGH
Apache Traffic Server 8.0.0-9.1.2 - Improper Input Validation in HTTP/1.1 Header Parsing
CVSS 7.5
CVE-2022-35773 HIGH
Azure RTOS GUIX Studio - Remote Code Execution
CVSS 7.8
CVE-2022-36125 HIGH
Apache Avro Rust SDK <0.14.0 - Memory Corruption
CVSS 7.5
CVE-2022-35724 HIGH
Apache Avro < 0.14.0 - Denial of Service via Infinite Loop in Data Reader
CVSS 7.5
CVE-2022-33729 MEDIUM
NFC <SMR Aug-2022 Release 1 - Info Disclosure
CVSS 5.9
CVE-2022-33719 HIGH
Baseband <SMR Aug-2022 Release 1 - Memory Corruption
CVSS 8.6
CVE-2022-33715 MEDIUM
LauncherProvider <SMR Aug-2022 Release 1 - Path Traversal
CVSS 5.3
CVE-2022-2417 MEDIUM
GitLab 12.10-15.0.4, 15.1-15.1.3, 15.2-15.2.0 - Authenticated Supply Chain Attack via Branch Name Spoofing
CVSS 6.2
CVE-2022-34851 MEDIUM
F5 BIG-IP 13.1.x-17.0.x - Authenticated Denial of Service via iControl SOAP
CVSS 4.3
CVE-2022-34844 MEDIUM
F5 BIG-IP 15.1.0-15.1.6.1 and 16.1.0-16.1.3.1 - Denial of Service via DPDK/ENA Driver Traffic
CVSS 5.9
CVE-2022-30535 MEDIUM
F5 NGINX Ingress Controller 1.x and 2.x < 2.3.0 - Authenticated Secret Exposure via Ingress Object Manipulation
CVSS 6.5
CVE-2022-35924 CRITICAL
NextAuth.js <4.10.3, 3.29.10 - Info Disclosure
CVSS 9.1
CVE-2022-29154 HIGH
rsync < 3.2.5 - Arbitrary File Write via Insufficient File Name Validation
CVSS 7.4
CVE-2022-31321 CRITICAL
Bolt < 5.7 - Denial of Service via Foldername Parameter
CVSS 9.1
CVE-2022-34164 MEDIUM
IBM CICS TX 11.1 - Privilege Escalation
CVSS 5.5
CVE-2022-27255 CRITICAL
Realtek eCos RSDK and MSDK - Remote Code Execution via SIP ALG SDP Data Overflow
CVSS 9.8
CVE-2022-37010 LOW
JetBrains IntelliJ IDEA < 2022.2 - Improper Input Validation in Email Address Field
CVSS 3.6
CVE-2022-2479 MEDIUM
Google Chrome < 103.0.5060.134 - Information Disclosure via File Input Validation
CVSS 4.3
CVE-2022-1500 MEDIUM
Google Chrome < 101.0.4951.41 - Content Security Policy Bypass via Dev Tools
CVSS 6.5
CVE-2022-35650 HIGH
Moodle 3.9.0-3.9.14 - Authenticated Path Traversal via Lesson Question Import
CVSS 7.5
CVE-2022-35649 CRITICAL
Moodle - Remote Code Execution via Ghostscript PostScript Parsing
CVSS 9.8
CVE-2022-36450 HIGH
Obsidian 0.14.0-0.15.4 - Remote Code Execution via obsidian://hook-get-address URL
CVSS 8.0
CVE-2022-31172 HIGH
OpenZeppelin Contracts <4.7.1 - Code Injection
CVSS 7.5
CVE-2022-31170 HIGH
OpenZeppelin Contracts <4.7.1 - Info Disclosure
CVSS 7.5