Cwe 20

🧬 CWE Related 125
slug: cwe-20

Explanation

CWE-20は「ユーザーから受け取ったデータが、想定された形式・範囲・型かをきちんとチェックせずに使ってしまう欠陥」のことです。 非常に広い概念で、SQLi・XSS・コマンドインジェクションなど多くの攻撃の前段階となります。 「入力は信用するな (Trust Boundaries の概念)」がセキュリティ設計の基本原則です。
📌 Example
多くのCISA KEV登録CVEがこのCWEに分類されており、2024年だけで100件以上の悪用事例があります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,690

ID Title
CVE-2017-3280 Vulnerability in oracle (CVE-2017-3280)
CVE-2017-3283 Vulnerability in oracle (CVE-2017-3283)
CVE-2016-9795 Vulnerability in broadcom (CVE-2016-9795)
CVE-2017-3236 Vulnerability in oracle (CVE-2017-3236)
CVE-2017-3241 Vulnerability in oracle (CVE-2017-3241)
CVE-2017-3242 Vulnerability in dos (CVE-2017-3242)
CVE-2017-3256 Vulnerability in dos (CVE-2017-3256)
CVE-2017-3258 Vulnerability in dos (CVE-2017-3258)
CVE-2016-10024 Vulnerability in dos (CVE-2016-10024)
CVE-2016-9317 Vulnerability in dos (CVE-2016-9317)
CVE-2017-3800 Vulnerability in cisco (CVE-2017-3800)
CVE-2017-5371 Vulnerability in dos (CVE-2017-5371)
CVE-2016-6603 Vulnerability in zohocorp (CVE-2016-6603)
CVE-2016-9379 Vulnerability in xen (CVE-2016-9379)
CVE-2016-9380 Vulnerability in xen (CVE-2016-9380)
CVE-2016-9383 Vulnerability in dos (CVE-2016-9383)
CVE-2016-9385 Vulnerability in dos (CVE-2016-9385)
CVE-2016-4793 Vulnerability in cakephp (CVE-2016-4793)
CVE-2016-5119 Vulnerability in keepass (CVE-2016-5119)
CVE-2014-9754 Vulnerability in viprinet (CVE-2014-9754)
CVE-2014-9755 Vulnerability in viprinet (CVE-2014-9755)
CVE-2016-9435 Vulnerability in c (CVE-2016-9435)
CVE-2016-9436 Vulnerability in c (CVE-2016-9436)
CVE-2017-2576 In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.
CVE-2015-8212 Vulnerability in netbsd (CVE-2015-8212)
CVE-2016-7543 Vulnerability in gnu (CVE-2016-7543)
CVE-2016-5197 Vulnerability in google (CVE-2016-5197)
CVE-2016-5218 Vulnerability in google (CVE-2016-5218)
CVE-2016-5222 Vulnerability in google (CVE-2016-5222)
CVE-2016-7998 Vulnerability in spip (CVE-2016-7998)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →