VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 134 of 401
  • CVE-2023-42805HigSep 21, 2023
    risk 0.42cvss 7.5epss 0.01

    quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.

  • CVE-2023-4698HigSep 1, 2023
    risk 0.42cvss 7.5epss 0.01

    Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.

  • CVE-2023-39553HigAug 11, 2023
    risk 0.42cvss 7.5epss 0.02

    Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an…

  • CVE-2023-34150MedJul 5, 2023
    risk 0.42cvss 6.5epss 0.01

    ** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.

  • CVE-2023-29530HigApr 24, 2023
    risk 0.42cvss 7.5epss 0.01

    Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a…

  • CVE-2023-28710HigApr 7, 2023
    risk 0.42cvss 7.5epss 0.02

    Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1.

  • CVE-2023-28707HigApr 7, 2023
    risk 0.42cvss 7.5epss 0.02

    Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.

  • CVE-2023-25692HigFeb 24, 2023
    risk 0.42cvss 7.5epss 0.02

    Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.

  • CVE-2022-44644MedJan 31, 2023
    risk 0.42cvss 6.5epss 0.01

    In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the…

  • CVE-2023-0434HigJan 22, 2023
    risk 0.42cvss 7.5epss 0.01

    Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40.

  • CVE-2023-22460HigJan 4, 2023
    risk 0.42cvss 7.5epss 0.01

    go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes…

  • CVE-2020-36564HigDec 27, 2022
    risk 0.42cvss 7.5epss 0.01

    Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.

  • CVE-2021-28655MedDec 16, 2022
    risk 0.42cvss 6.5epss 0.02

    The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

  • CVE-2022-39306MedNov 9, 2022
    risk 0.42cvss 6.4epss 0.01

    Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the…

  • CVE-2022-42252HigNov 1, 2022
    risk 0.42cvss 7.5epss 0.01

    If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid…

  • CVE-2022-39313HigOct 24, 2022
    risk 0.42cvss 7.5epss 0.01

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service.…

  • CVE-2022-41606MedOct 12, 2022
    risk 0.42cvss 6.5epss 0.01

    HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.

  • CVE-2022-2529HigSep 30, 2022
    risk 0.42cvss 7.5epss 0.01

    sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service.

  • CVE-2022-24280MedSep 23, 2022
    risk 0.42cvss 6.5epss 0.01

    Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP…

  • CVE-2022-36058HigSep 6, 2022
    risk 0.42cvss 7.5epss 0.01

    Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks (historical or actual) could encounter a `MultiESDTNFTTransfer` transaction like this: `MultiESDTNFTTransfer` with a missing function…