Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-34164 |
IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338. Published: August 01, 2022; 12:15:07 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-27255 |
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data. Published: August 01, 2022; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-37010 |
In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed Published: July 28, 2022; 7:15:07 AM -0400 |
V4.0:(not available) V3.1: 3.3 LOW V2.0:(not available) |
CVE-2022-2479 |
Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. Published: July 27, 2022; 10:15:08 PM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2020-6998 |
The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products. Published: July 27, 2022; 5:15:08 PM -0400 |
V4.0:(not available) V3.1: 8.6 HIGH V2.0:(not available) |
CVE-2022-1500 |
Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. Published: July 26, 2022; 6:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-35650 |
The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default. Published: July 25, 2022; 12:15:08 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-35649 |
The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. Published: July 25, 2022; 12:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-36450 |
Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL. Published: July 25, 2022; 3:15:07 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-20913 |
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a crafted file. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device. Published: July 22, 2022; 12:15:13 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-20909 |
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device. Published: July 22, 2022; 12:15:13 AM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2022-20908 |
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device. Published: July 22, 2022; 12:15:13 AM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2022-22214 |
An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent attacker to cause a PFE crash and thereby a Denial of Service (DoS). An FPC will crash and reboot after receiving a specific transit IPv6 packet over MPLS. Continued receipt of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect systems configured for IPv4 only. This issue affects: Juniper Networks Junos OS All versions prior to 12.3R12-S21; 15.1 versions prior to 15.1R7-S10; 17.3 versions prior to 17.3R3-S12; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-S1-EVO, 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO. Published: July 20, 2022; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-34866 |
Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the product is running. Published: July 20, 2022; 3:15:09 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-35404 |
ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. Published: July 18, 2022; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 8.2 HIGH V2.0:(not available) |
CVE-2022-26655 |
Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams. Published: July 17, 2022; 5:15:08 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2022-34758 |
A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 (V01.401.102 and prior) Published: July 13, 2022; 5:15:08 PM -0400 |
V4.0:(not available) V3.1: 4.9 MEDIUM V2.0:(not available) |
CVE-2022-35171 |
When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below Published: July 12, 2022; 5:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-32248 |
Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data. Published: July 12, 2022; 5:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2022-33704 |
Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. Published: July 12, 2022; 10:15:18 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |