CWE-20
Improper Input Validation
Description
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9
CVEs mapped to this weakness (8,003)
page 154 of 401| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-5528 | — | Hig | 0.40 | 7.2 | 0.04 | Nov 14, 2023 | A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. | |
| CVE-2023-29246 | Hig | 0.40 | 7.2 | 0.01 | May 12, 2023 | An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0 | ||
| CVE-2023-27484 | Med | 0.40 | 6.2 | 0.01 | Mar 9, 2023 | crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's `ToFieldPath`,… | ||
| CVE-2022-24847 | Hig | 0.40 | 7.2 | 0.01 | Apr 13, 2022 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code… | ||
| CVE-2021-43861 | Hig | 0.40 | 7.2 | 0.01 | Dec 30, 2021 | Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade… | ||
| CVE-2021-32759 | Hig | 0.40 | 7.2 | 0.01 | Aug 27, 2021 | OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13… | ||
| CVE-2020-25626 | — | Med | 0.40 | 6.1 | 0.01 | Sep 30, 2020 | A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject… | |
| CVE-2019-14904 | — | Hig | 0.40 | 7.3 | 0.00 | Aug 26, 2020 | A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw… | |
| CVE-2019-7617 | Hig | 0.40 | 7.2 | 0.02 | Aug 22, 2019 | When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing. | ||
| CVE-2018-6046 | Med | 0.40 | 6.1 | 0.01 | Sep 25, 2018 | Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. | ||
| CVE-2018-6039 | Med | 0.40 | 6.1 | 0.01 | Sep 25, 2018 | Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. | ||
| CVE-2018-8437 | Med | 0.40 | 6.2 | 0.02 | Sep 13, 2018 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10… | ||
| CVE-2018-8436 | Med | 0.40 | 6.2 | 0.02 | Sep 13, 2018 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10… | ||
| CVE-2018-14774 | — | Hig | 0.40 | 7.2 | 0.01 | Aug 3, 2018 | An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted… | |
| CVE-2017-2674 | — | Med | 0.40 | 6.1 | 0.01 | Jul 27, 2018 | JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in… | |
| CVE-2018-5176 | Med | 0.40 | 6.1 | 0.01 | Jun 11, 2018 | The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of… | ||
| CVE-2018-0355 | Med | 0.40 | 6.1 | 0.02 | Jun 7, 2018 | A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient… | ||
| CVE-2017-18262 | Med | 0.40 | 6.1 | 0.01 | Apr 30, 2018 | Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI. | ||
| CVE-2017-0917 | Med | 0.40 | 6.1 | 0.01 | Mar 21, 2018 | Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. | ||
| CVE-2017-8811 | Med | 0.40 | 6.1 | 0.01 | Nov 15, 2017 | The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks. |
- risk 0.40cvss 7.2epss 0.04
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
- risk 0.40cvss 7.2epss 0.01
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
- risk 0.40cvss 6.2epss 0.01
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's `ToFieldPath`,…
- risk 0.40cvss 7.2epss 0.01
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code…
- risk 0.40cvss 7.2epss 0.01
Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade…
- risk 0.40cvss 7.2epss 0.01
OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13…
- risk 0.40cvss 6.1epss 0.01
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject…
- risk 0.40cvss 7.3epss 0.00
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw…
- risk 0.40cvss 7.2epss 0.02
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.
- risk 0.40cvss 6.1epss 0.01
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
- risk 0.40cvss 6.1epss 0.01
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
- risk 0.40cvss 6.2epss 0.02
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10…
- risk 0.40cvss 6.2epss 0.02
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10…
- risk 0.40cvss 7.2epss 0.01
An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted…
- risk 0.40cvss 6.1epss 0.01
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in…
- risk 0.40cvss 6.1epss 0.01
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of…
- risk 0.40cvss 6.1epss 0.02
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient…
- risk 0.40cvss 6.1epss 0.01
Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.
- risk 0.40cvss 6.1epss 0.01
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.
- risk 0.40cvss 6.1epss 0.01
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.