CWE-807
High likelihood
Reliance on Untrusted Inputs in a Security Decision
The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
76 vulnerabilities with CWE-807
CVE-2024-9310
MEDIUM
Software-Defined Radios - Info Disclosure
CVE-2024-45654
MEDIUM
IBM Security ReaQta 3.12 - Privilege Escalation
CVSS 4.3
CVE-2024-11146
MEDIUM
TrueFiling <3.1.112.19 - Info Disclosure
CVSS 6.3
CVE-2024-47254
MEDIUM
2N Access Commander <3.1.1.2 - Privilege Escalation
CVSS 6.3
CVE-2024-51561
HIGH
Aero < 120820241550 - Authenticated OTP Bypass via Response Manipulation
CVSS 7.5
CVE-2024-21510
MEDIUM
sinatra < 4.1.0 - Open Redirect via X-Forwarded-Host Header
CVSS 5.4
CVE-2024-5754
HIGH
BT Encryption procedure host - Info Disclosure
CVSS 8.2
CVE-2024-28829
HIGH
Checkmk <2.3.0p12-2.0.0 - Privilege Escalation
CVSS 7.8
CVE-2024-7005
MEDIUM
Google Chrome <127.0.6533.72 - Auth Bypass
CVSS 4.3
CVE-2024-29039
CRITICAL
tpm2-tools < 5.7 - Digest Mapping Manipulation via TPML_PCR_SELECTION Alteration
CVSS 9.0
CVE-2024-28824
HIGH
Checkmk <2.3.0b4-2.0.0 - Privilege Escalation
CVSS 8.8
CVE-2023-46686
MEDIUM
Gallagher Diagnostics Service <1.3.0 - Privilege Escalation
CVSS 5.5
CVE-2023-45128
CRITICAL
Fiber < 2.50.0 - Cross-Site Request Forgery via Improper CSRF Token Validation
CVSS 10.0
CVE-2023-0009
HIGH
Paloaltonetworks Palo Alto Networks GlobalProtect - Privilege Escalation
CVSS 7.8
CVE-2022-24400
HIGH
midnightblue tetra - Authorization Bypass via Predictable MS Challenge RAND2
CVSS 7.5
CVE-2022-20744
MEDIUM
Cisco Firepower Management Center - Info Disclosure
CVSS 6.5
CVE-2021-36777
HIGH
openSUSE Build service <dc000cdfe9b9b715fb92195b1a57559362f689ef - ...
CVSS 8.1
CVE-2021-41129
HIGH
Pterodactyl Panel 1.0.0-1.6.1 - Authentication Bypass via Two-Factor Confirmation Token Manipulation
CVSS 8.1
CVE-2021-31999
HIGH
Rancher <2.5.9, <2.4.16 - Privilege Escalation
CVSS 8.8
CVE-2021-29479
HIGH
Ratpack < 1.9.0 - Cache Poisoning via X-Forwarded-Host Header
CVSS 7.0
CVE-2020-5252
MEDIUM
safety < 1.8.6 and < 1.9.0 - Reliance on Untrusted Inputs in Security Decision
CVSS 5.0
CVE-2019-25711
MEDIUM
SpotFTP Password Recover 2.4.2 Denial of Service via Name Field
CVSS 6.2
CVE-2019-25621
MEDIUM
Pixel Studio 2.17 Denial of Service via Malformed Input
CVSS 6.2
CVE-2019-25594
MEDIUM
ASPRunner.NET 10.1 Denial of Service via Table Name Field
CVSS 6.2
CVE-2019-25544
MEDIUM
Pidgin 2.13.0 Denial of Service via Malformed Username
CVSS 6.2
Details
Vulnerabilities: 76
Exploit Likelihood: High