Przykłady dla CWE-20: Improper Input Validation

	Tytuł	Data	Autor
Med.	WordPress WoodMart Theme <= 7.1.0 - Unauthenticated Arbitrary Shortcodes Injection	08.03.2023	FearZzZz
Low	NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery	18.05.2021	Harry Sintonen
Med.	Dovecot 2.3.11.3 Denial Of Service	07.01.2021	Innokentii Sennovskiy
Med.	October CMS <= Build 465 Multiple Vulnerabilities	03.08.2020	Sivanesh Ashok
Med.	Open-Xchange Dovecot 2.3.10 Null Pointer Dereference / Denial Of Service	20.05.2020	Philippe Antoine
Med.	SCP Server Verification Issues	16.01.2019	Harry Sintonen
Low	Wordpress Plugin Ninja Forms - CSV Injection	20.08.2018	Mostafa Gharzi
High	HPE VAN SDN 2.7.18.0503 Remote Root	28.06.2018	KoreLogic
High	HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root	27.06.2018	Matthew Bergin
Low	GNU Wget 1.19.4 Cookie Injection	08.05.2018	Harry Sintonen
Low	The First MicroFinance Bank \| RCE / File Upload	24.06.2017	Infinity Security Team
Low	AXIS Communications XSS / Content Inclusion	18.03.2017	orwelllabs
Low	AXIS Network Camera Cross Site Scripting	18.03.2017	orwelllabs
High	AXIS Authenticated Remote Command Execution	28.07.2016	orwelllabs
Low	CMS Made Simple Cache Poisoning	04.05.2016	I-Tracing
Low	pgpdump 0.29 Endless Loop	20.04.2016	Klaus Eisentraut
Med.	innovaphone IP222 UDP Denial Of Service	26.03.2016	Sven Freund
Med.	innovaphone IP222 11r2 sr9 Download Denial Of Service	26.03.2016	Sven Freund
Med.	Dell Authentication Driver Uncontrolled Write	19.12.2015	Matt Bergin
High	ZyXEL PMG5318-B20A OS Command Injection	16.10.2015	Karn Ganeshen
Low	GPON Zhone R4.0.2.566b D.O.S.	03.03.2015	Kaczinski lramirez
High	Linux Kernel Qualcomm Innovation Center (QuIC) Android gain privileges	14.12.2014	quicinc
High	VMWare vmx86.sys Arbitrary Kernel Read	06.11.2014	Matt Bergin
Med.	Apache HTTP Server 2.4.7 mod_log_config denial of service	19.03.2014	Apache
High	Apple MacOSX 10.9.2 OpenSSL Verification Surprises	05.03.2014	hynek
Med.	Microsoft Windows 8.1 XMLDOM XML Injection Vulnerability	27.02.2014	soroush
Low	PERL 5.10.0, 5.12.0, 5.14.0 Denial of Service	10.02.2014	Nobody
Med.	Conceptronic C54APM Open Redirect	12.01.2014	antonio vazquez blanco
Med.	OpenSSL 1.0.1e NULL Pointer dereference DoS	11.01.2014	Dr. Stephen Henson
Med.	Linux Kernel 3.12.3 inet uninitialized memory to user in recv syscalls	09.01.2014	mpb
High	Linux kernel Multiple CVE fixes	23.11.2013	Nico Golde and Fabian ...
Med.	Goodix GT915 Driver Memory Corruption / DoS / Privilege Escalation	08.11.2013	Jonathan Salwan
Med.	Vino VNC Server 3.7.3 Denial Of Service	18.09.2013	Jonathan Claudius
Med.	WordPress Event Easy Calendar 1.0.0 XSS / CSRF / Input Validation	09.09.2013	RogueCoder
High	Hikvision IP Cameras Overflow / Bypass / Privilege Escalation	07.08.2013	CORE
Low	Xpient POS / Iris 3.8 Cash Drawer Operation Remote Trigger	06.06.2013	CORE
High	NextApp Echo XML Injection Vulnerability	02.05.2013	Anonymous
High	Cisco Unified Computing System Multiple Vulnerabilities	24.04.2013	CISCO
High	Cisco NX-OS-Based Products Multiple Vulnerabilities	24.04.2013	CISCO
Med.	Cisco IOS XE Software for 1000 Series Multiple Vulnerabilities	10.04.2013	Cisco
Low	Pebble 2.6.4 Open Redirection	04.11.2012	Anonymous
Low	VirtualBox CPU-emulation bug (missing CPL check)	08.09.2012	halfdog
Low	IBM Lotus Domino HTTP Response Splitting and Cross-Site Scripting	07.09.2012	MustLive
Low	IOServer Root Directory Trailing Backslash Multiple Vulnerabilities	20.08.2012	hinge
High	LifeSize Room Command Injection	13.11.2011	Spencer McIntyre (zero...
High	Apple Safari Webkit libxslt Arbitrary File Creation	29.10.2011	metasploit
Med.	astersik open source 1.8.7 Remote crash vulnerability	26.10.2011	Asterisk Security Team
High	CMS WebManager-Pro Vulnerabilities	12.10.2011	MustLive
High	Opera 10/11 (bad nesting with frameset tag) Memory Corruption	10.10.2011	Jose A. Vazquez
High	Mac OS X < 10.6.7 Kernel Panic Exploit	02.10.2011	hkpco
High	LifeSize Room Command Injection	05.09.2011	Spencer McIntyre
High	iOS SSL Implementation Does Not Validate Certificate Chain	01.09.2011	Trustwave Advisories
Low	Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS	01.09.2011	Timo Warns
Low	Android Browser Cross-Application Scripting	16.08.2011	Roee Hay
High	HP Data Protector Remote Shell for HP-UX	08.08.2011	Adrian Puente Z.
High	ioQuake3 Remote shell injection	06.08.2011	Thilo Schulz
High	HP Data Protector Remote Shell for HPUX	06.08.2011	Adrian Puente Z.
Med.	phpMyAdmin 3.x Conditional Session Manipulation	03.08.2011	Mango
High	Mozilla Firefox \"nsTreeRange\" Dangling Pointer Vulnerability	19.07.2011	metasploit
Med.	Symantec Backup Exec 12.5 MiTM Attack	11.07.2011	Nibin
High	Black Ice Cover Page ActiveX Control Arbitrary File Download	22.06.2011	metasploit
High	Black Ice Cover Page SDK insecure method DownloadImageFileURL() exploit	22.06.2011	mr_me
High	Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute	10.06.2011	metasploit
High	HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055)	30.05.2011	fdisk
Low	Opera : SELECT SIZE Arbitrary null write	13.05.2011	Advisories Toucan-Syst...
Low	CA SiteMinder Security Notice	02.05.2011	Williams, James K
Low	Linux Kernel 2.4 and 2.6 disclosure of sensitive information	12.04.2011	Timo Warns
Med.	Apache Tomcat 7.0.11 information disclosure	12.04.2011	Mark Thomas
High	xpdf multiple vulnerabilities allow remote code execution	02.04.2011	Advisories Toucan-Syst...
Med.	Mutt: failure to check server certificate in SMTP TLS connection	18.03.2011	dave b
Low	SugarCRM list privilege restriction bypass	18.03.2011	RedTeam Pentesting Gmb...
High	Linux Kernel Buffer Overflow ldm_frag_add() Elevated Privileges	04.03.2011	PRE
High	Cisco Secure Desktop CSDWebInstaller Remote Code Execution	01.03.2011	ZDI
Med.	ZOHO ManageEngine ADSelfService multiple vulnerabilities	18.02.2011	CORE Security Technolo...
Med.	mit kerberos 5-1.9 kpropd denial of service	12.02.2011	Tom Yu
Med.	MyProxy SSL Certificate Validation Security Bypass Vulnerability	03.02.2011	Venkat Yekkirala
High	OpenVAS Manager Command Injection Vulnerability	01.02.2011	Tim Brown
High	OpenVAS Manager Vulnerable To Command Injection	31.01.2011	Tim Brown
High	CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability	18.01.2011	felix
High	MS11-002: Microsoft Data Access Components Vulnerability	15.01.2011	Peter Vreugdenhil
High	Mono/Moonlight Generic Type Argument Local Privilege Escalation	15.01.2011	Chris Howie
Med.	Symantec Intel Handler Service Remote Denial-of-Service	25.12.2010	Core
High	Windows Win32k Pointer Dereferencement (MS10-098)	18.12.2010	Stefan LE BERRE
Low	PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference	05.11.2010	Maksymilian Arciemowic...
High	Android 2.0-2.1 Reverse Shell Exploit	05.11.2010	MJ Keith
Med.	KDC uninitialized pointer crash in authorization data handling	11.10.2010	Tom Yu
High	Adobe Acrobat and Reader Array Indexing Remote Code Execution Vulnerability	09.10.2010	Knud and nSense
Med.	IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability	07.10.2010	ZDI
High	Microsoft Unicode Scripts Processor Remote Code Execution	06.10.2010	Abysssec
Low	HP System Management Homepage (SMH) Remote URL Redirection	28.09.2010	HP
High	Novell iPrint Client ActiveX Control \'debug\' Buffer Overflow Exploit	23.09.2010	Trancer
Med.	MailEnable SMTP Service Two Denial of Service Vulnerabilities	17.09.2010	Secunia Research
Med.	Apache Traffic Server 2.0.0 issue	15.09.2010	Tim Brown
Low	linux kernel 2.6.34 xfs swapext ioctl issue	13.09.2010	Eugene Teo
High	Adobe Shockwave 11.20005.7.609 tSAC Chunk Invalid Seek	31.08.2010	ZDI
High	Adobe Shockwave 11.20005.7.609 CSWV Chunk Memory Corruption	31.08.2010	ZDI
High	Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability	30.08.2010	ZDI
High	Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerdability	30.08.2010	ZDI
High	Adobe Shockwave Player Director Remote Code Execution Vulnerability	30.08.2010	ZDI
High	ssmtp 2.62 standardise() Buffer overflow	24.08.2010	Jan Lieskovsky

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2024-07-26

CVE-2024-35296	Updating...	Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
CVE-2024-35161	Updating...	Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
CVE-2023-38522	Updating...	Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
CVE-2024-7128	Updating...	A flaw was found in the Openshift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification.

2024-07-24

CVE-2024-3454

Updating...

An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information.

2024-07-23

CVE-2024-41839

Updating...

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.

2024-07-22

	CVE-2024-38503	Updating...	When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing �??Personal Information�?� or �??User Requests�?�. Users are recommended to upgrade to version 3.0.8, which fixes this issue.
	CVE-2024-23321	Updating...	For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist, could potentially acquire the administrator's account and password through specific interfaces. Such an action would grant them full control over RocketMQ, provided they have access to the broker IP address list. To mitigate these security threats, it is strongly advised that users upgrade to version 5.3.0 or newer. Additionally, we recommend users to use RocketMQ ACL 2.0 instead of the original RocketMQ ACL when upgrading to version Apache RocketMQ 5.3.0.

2024-07-19

CVE-2024-32007

Updating...

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.

2024-07-18

CVE-2023-40159

Updating...

A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information.

08.03.2023

18.05.2021

07.01.2021

03.08.2020

20.05.2020

16.01.2019

20.08.2018

28.06.2018

27.06.2018

08.05.2018

24.06.2017

18.03.2017

18.03.2017

28.07.2016

04.05.2016

20.04.2016

26.03.2016

26.03.2016

19.12.2015

16.10.2015

03.03.2015

14.12.2014

06.11.2014

19.03.2014

05.03.2014

27.02.2014

10.02.2014

12.01.2014

11.01.2014

09.01.2014

23.11.2013

08.11.2013

18.09.2013

09.09.2013

07.08.2013

06.06.2013

02.05.2013

24.04.2013

24.04.2013

10.04.2013

04.11.2012

08.09.2012

07.09.2012

20.08.2012

13.11.2011

29.10.2011

26.10.2011

12.10.2011

10.10.2011

02.10.2011

05.09.2011

01.09.2011

01.09.2011

16.08.2011

08.08.2011

06.08.2011

06.08.2011

03.08.2011

19.07.2011

11.07.2011

22.06.2011

22.06.2011

10.06.2011

30.05.2011

13.05.2011

02.05.2011

12.04.2011

12.04.2011

02.04.2011

18.03.2011

18.03.2011

04.03.2011

01.03.2011

18.02.2011

12.02.2011