CWE-20

High likelihood

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,466 vulnerabilities with CWE-20
CVE-2023-47746 MEDIUM
IBM Db2 10.5.0.0-10.5.0.10 - Authenticated Denial of Service via Crafted Query
CVSS 5.3
CVE-2023-45193 MEDIUM
IBM Db2 < 11.5.9 - Denial of Service via Specially Crafted Cursor
CVSS 5.9
CVE-2023-50694 CRITICAL
dom96 HTTPbeast < 0.4.1 - Remote Code Execution via Malicious Request Parsing
CVSS 9.8
CVE-2023-42766 HIGH
Intel NUC 8 Compute Element BIOS Firmware - Privilege Escalation via Improper Input Validation
CVSS 7.5
CVE-2023-38587 HIGH
Intel NUC BIOS - Privilege Escalation
CVSS 7.5
CVE-2023-29495 HIGH
Intel NUC 8 Mainstream-G Kit BIOS < IN0048 - Privilege Escalation via Improper Input Validation
CVSS 7.5
CVE-2023-28743 HIGH
Intel NUC BIOS < QN0073 - Privilege Escalation
CVSS 7.5
CVE-2023-28738 HIGH
Intel NUC BIOS < JY0070 - Privilege Escalation
CVSS 7.5
CVE-2023-48354 MEDIUM
Android - Local Information Disclosure via Telephone Service Input Validation
CVSS 5.5
CVE-2023-48346 MEDIUM
Android - Local Denial of Service via Video Decoder Input Validation
CVSS 5.5
CVE-2023-5097 HIGH
HYPR Workforce Access < 8.7 - Path Traversal
CVSS 7.0
CVE-2023-6395 MEDIUM
Mock - Privilege Escalation
CVSS 6.7
CVE-2023-31035 HIGH
NVIDIA DGX A100 Firmware < 1.25 - SMI Callout Arbitrary Code Execution
CVSS 7.5
CVE-2023-49568 HIGH
go-git < 5.11.0 - Denial of Service via Crafted Git Server Response
CVSS 7.5
CVE-2023-6781 MEDIUM
Orbit Fox by ThemeIsle <= 2.10.26 - Authenticated Stored Cross-Site Scripting via Custom Fields
CVSS 6.4
CVE-2023-45171 MEDIUM
IBM AIX 7.2-7.3 and VIOS 3.1 - Denial of Service via Kernel Input Validation
CVSS 6.2
CVE-2023-45169 MEDIUM
IBM AIX 7.2-7.3 and VIOS 3.1 - Denial of Service via pmsvcs Kernel Extension
CVSS 6.2
CVE-2023-45175 MEDIUM
IBM AIX 7.2-7.3 and VIOS 3.1 - Denial of Service via TCP/IP Kernel Extension
CVSS 6.2
CVE-2023-45173 MEDIUM
IBM AIX 7.2-7.3 and VIOS 3.1 - Denial of Service via NFS Kernel Extension
CVSS 6.2
CVE-2023-42826 HIGH
macOS < 14.0 - Remote Code Execution via File Processing
CVSS 7.8
CVE-2023-40394 LOW
iPadOS < 16.6 - Unprotected User Data Exposure via Environment Variable Validation
CVSS 3.3
CVE-2023-29446 MEDIUM
PTC KEPServerEX and ThingWorx Industrial Connectivity - UNC Path Injection
CVSS 4.7
CVE-2023-41781 MEDIUM
ZTE MF258 Firmware - Stored Cross-Site Scripting via SMS Interface Parameter
CVSS 5.7
CVE-2023-51438 CRITICAL
SIMATIC IPC1047E/IPC647E/IPC847E - Unauthorized Access
CVSS 10.0
CVE-2023-49252 HIGH
SIMATIC CN 4100 < 2.7 - Unauthenticated Denial of Service via IP Configuration Change
CVSS 7.5