Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-20
Total 9170 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2868 3 Debian, Fedoraproject, Libtiff 3 Debian Linux, Fedora, Libtiff 2023-02-23 N/A 5.5 MEDIUM
libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.
CVE-2022-28129 3 Apache, Debian, Fedoraproject 3 Traffic Server, Debian Linux, Fedora 2023-02-23 N/A 7.5 HIGH
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVE-2022-31780 3 Apache, Debian, Fedoraproject 3 Traffic Server, Debian Linux, Fedora 2023-02-23 N/A 7.5 HIGH
Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVE-2021-37150 3 Apache, Debian, Fedoraproject 3 Traffic Server, Debian Linux, Fedora 2023-02-23 N/A 7.5 HIGH
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVE-2022-34350 1 Ibm 1 Api Connect 2023-02-22 N/A 7.5 HIGH
IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 230264.
CVE-2022-24720 2 Debian, Image Processing Project 2 Debian Linux, Image Processing 2023-02-22 10.0 HIGH 9.8 CRITICAL
image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations.
CVE-2022-31808 1 Siemens 4 Sipass Integrated Ac5102 \(acc-g2\), Sipass Integrated Ac5102 \(acc-g2\) Firmware, Sipass Integrated Acc-ap and 1 more 2023-02-22 N/A 7.8 HIGH
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges.
CVE-2022-45088 1 Gruparge 1 Smartpower Web 2023-02-21 N/A 9.8 CRITICAL
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.This issue affects Smartpower Web: before 23.01.01.
CVE-2023-21439 1 Samsung 1 Android 2023-02-21 N/A 7.8 HIGH
Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities.
CVE-2023-21428 1 Samsung 1 Android 2023-02-21 N/A 3.3 LOW
Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code.
CVE-2022-45770 1 Adguard 1 Adguard 2023-02-21 N/A 7.8 HIGH
Improper input validation in driver adgnetworkwfpdrv.sys in Adguard For Windows x86 up to version 7.11 allows attacker to gain local privileges escalation.
CVE-2022-34362 3 Ibm, Linux, Microsoft 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more 2023-02-18 N/A 4.6 MEDIUM
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523.
CVE-2023-21446 1 Samsung 1 Android 2023-02-17 N/A 5.5 MEDIUM
Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles.
CVE-2023-21431 1 Samsung 1 Bixby Vision 2023-02-17 N/A 3.3 LOW
Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision.
CVE-2023-24569 1 Dell 1 Alienware Command Center 2023-02-16 N/A 7.8 HIGH
Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.
CVE-2022-48298 1 Huawei 2 Emui, Harmonyos 2023-02-16 N/A 7.5 HIGH
The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
CVE-2022-48297 1 Huawei 2 Emui, Harmonyos 2023-02-16 N/A 7.5 HIGH
The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
CVE-2022-38778 2 Decode-uri-component Project, Elastic 2 Decode-uri-component, Kibana 2023-02-16 N/A 6.5 MEDIUM
A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process.
CVE-2020-8184 3 Canonical, Debian, Rack Project 3 Ubuntu Linux, Debian Linux, Rack 2023-02-16 5.0 MEDIUM 7.5 HIGH
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
CVE-2022-24952 1 Eternal Terminal Project 1 Eternal Terminal 2023-02-16 N/A 6.5 MEDIUM
Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC socket.