VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 181 of 401
  • CVE-2018-5528MedJun 27, 2018
    risk 0.35cvss 5.3epss 0.01

    Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7.

  • CVE-2018-1374MedJun 26, 2018
    risk 0.35cvss 5.3epss 0.01

    An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.

  • CVE-2018-11537MedJun 19, 2018
    risk 0.35cvss 6.5epss 0.01

    Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.

  • CVE-2018-5173MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file…

  • CVE-2018-5138MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded…

  • CVE-2018-5121MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems.…

  • CVE-2018-5110MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects…

  • CVE-2017-7838MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be…

  • CVE-2017-7837MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    SVG loaded through "" tags can use "" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57.

  • CVE-2017-7833MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks…

  • CVE-2017-7832MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for…

  • CVE-2017-7829MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.

  • CVE-2017-7825MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This…

  • CVE-2017-7817MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other…

  • CVE-2017-7816MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56.

  • CVE-2017-7815MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations…

  • CVE-2017-7791MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox…

  • CVE-2017-7764MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.02

    Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode…

  • CVE-2017-7763MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability…

  • CVE-2017-5463MedJun 11, 2018
    risk 0.35cvss 5.3epss 0.01

    Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not…