Vulnerabilities > Improper Input Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-04 | CVE-2023-25522 | Improper Input Validation vulnerability in Nvidia DGX A100 Firmware and DGX A800 Firmware NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. | 7.8 |
| 2023-07-03 | CVE-2023-35797 | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Hive Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. | 9.8 |
| 2023-07-01 | CVE-2023-28324 | Improper Input Validation vulnerability in Ivanti Endpoint Manager A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. | 9.8 |
| 2023-06-29 | CVE-2023-22886 | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Jdbc Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0. | 8.8 |
| 2023-06-28 | CVE-2023-21192 | Improper Input Validation vulnerability in Google Android 13.0 In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. | 7.8 |
| 2023-06-27 | CVE-2023-26273 | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.5.0 IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. | 4.3 |
| 2023-06-27 | CVE-2023-35798 | Improper Input Validation vulnerability in Apache products Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it. This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1. It is recommended to upgrade to a version that is not affected | 4.3 |
| 2023-06-26 | CVE-2023-34421 | Improper Input Validation vulnerability in Lenovo Xclarity Administrator A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. | 6.5 |
| 2023-06-26 | CVE-2023-34422 | Improper Input Validation vulnerability in Lenovo Xclarity Administrator A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. | 6.5 |
| 2023-06-23 | CVE-2023-35163 | Improper Input Validation vulnerability in Gobalsky Vega Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. | 5.2 |