VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 140 of 401
  • CVE-2016-5298MedJun 11, 2018
    risk 0.42cvss 6.5epss 0.01

    A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox…

  • CVE-2016-5292MedJun 11, 2018
    risk 0.42cvss 6.5epss 0.02

    During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.

  • CVE-2011-4181HigJun 11, 2018
    risk 0.42cvss 7.5epss 0.01

    A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3.

  • CVE-2018-4250MedJun 8, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.

  • CVE-2018-4247MedJun 8, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site.

  • CVE-2018-4205MedJun 8, 2018
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in certain Apple products. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

  • CVE-2018-4188MedJun 8, 2018
    risk 0.42cvss 6.5epss 0.03

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It…

  • CVE-2018-4187MedJun 8, 2018
    risk 0.42cvss 6.5epss 0.03

    An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message.

  • CVE-2015-9242HigMay 29, 2018
    risk 0.42cvss 7.5epss 0.02

    Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.

  • CVE-2015-9241HigMay 29, 2018
    risk 0.42cvss 7.5epss 0.02

    Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default…

  • CVE-2018-11321MedMay 22, 2018
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.

  • CVE-2018-11315MedMay 20, 2018
    risk 0.42cvss 6.5epss 0.01

    The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring…

  • CVE-2018-3611MedMay 15, 2018
    risk 0.42cvss 6.5epss 0.02

    Bounds check vulnerability in User Mode Driver in Intel Graphics Driver 15.40.x.4 and 21.20.x.x allows unprivileged user to cause a denial of service via local access.

  • CVE-2017-12124MedMay 14, 2018
    risk 0.42cvss 6.5epss 0.02

    An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this…

  • CVE-2018-10799MedMay 8, 2018
    risk 0.42cvss 6.5epss 0.01

    A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element.

  • CVE-2018-10798MedMay 8, 2018
    risk 0.42cvss 6.5epss 0.01

    A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is caused by mishandling of JavaScript code that triggers the reload of a page continuously with an interval of 1 second.

  • CVE-2018-10657HigMay 2, 2018
    risk 0.42cvss 7.5epss 0.02

    Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.

  • CVE-2017-17318MedApr 30, 2018
    risk 0.42cvss 6.5epss 0.00

    Huawei MBB (Mobile Broadband) products E5771h-937 with the versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and the versions before E5771h-937TCPU-V200R001B329D05SP00C1308 have a Denial of Service (DoS) vulnerability. When an attacker accessing device sends special http…

  • CVE-2017-12701MedApr 17, 2018
    risk 0.42cvss 6.5epss 0.01

    BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain an improper input validation vulnerability which may allow an authenticated attacker to crash the CPAP's Wi-Fi module resulting in a denial-of-service condition.

  • CVE-2018-0560MedApr 16, 2018
    risk 0.42cvss 6.5epss 0.01

    Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote attackers to spoof the address bar via vectors related to URL display.