CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Parents

CWE-707

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (6,921)

page 218 of 347

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2019-14243	—	—	0.04	Jul 23, 2019	headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 request with…
CVE-2018-17196	Apache Kafka	—	0.05	Jul 11, 2019	In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users…
CVE-2019-10134	Moodle Moodle	—	0.01	Jun 26, 2019	A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.
CVE-2018-15747	—	—	0.04	Jun 21, 2019	The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file.
CVE-2019-11832	—	—	0.04	May 9, 2019	TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
CVE-2019-10742	Axios Axios	—	0.06	May 7, 2019	Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.
CVE-2018-17201	—	—	0.02	May 6, 2019	Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.
CVE-2019-3564	Facebook Facebook	—	0.02	May 6, 2019	Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue…
CVE-2019-9826	—	—	0.02	May 2, 2019	The fulltext search component in phpBB before 3.2.6 allows Denial of Service.
CVE-2019-0214	Apache Archiva	—	0.05	Apr 30, 2019	In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.
CVE-2018-20835	Mafintosh Tar Fs	—	0.02	Apr 30, 2019	A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file…
CVE-2018-7577	Google Snappy	—	0.00	Apr 24, 2019	Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.
CVE-2015-1326	—	—	0.02	Apr 22, 2019	python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.
CVE-2019-11340	Matrix Org Sydent	—	0.02	Apr 19, 2019	util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on…
CVE-2019-9845	Madskristensen Miniblog.core	—	0.03	Apr 16, 2019	madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension.
CVE-2019-11228	Go Gitea Gitea	—	0.01	Apr 13, 2019	repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress.
CVE-2019-11069	Sequelize Sequelize	—	0.02	Apr 10, 2019	Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.
CVE-2019-10648	Robo Code Robocode	—	0.02	Mar 30, 2019	Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.
CVE-2019-0200	Apache Qpid Broker J	—	0.04	Mar 6, 2019	A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91…
CVE-2017-15720	Apache Airflow	—	0.02	Jan 23, 2019	In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.

CVE-2019-14243Jul 23, 2019
risk 0.00cvss —epss 0.04
headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 request with…
CVE-2018-17196Jul 11, 2019
Apache
Kafka
risk 0.00cvss —epss 0.05
In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users…
CVE-2019-10134Jun 26, 2019
Moodle
Moodle
risk 0.00cvss —epss 0.01
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.
CVE-2018-15747Jun 21, 2019
risk 0.00cvss —epss 0.04
The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file.
CVE-2019-11832May 9, 2019
risk 0.00cvss —epss 0.04
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
CVE-2019-10742May 7, 2019
Axios
Axios
risk 0.00cvss —epss 0.06
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.
CVE-2018-17201May 6, 2019
risk 0.00cvss —epss 0.02
Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.
CVE-2019-3564May 6, 2019
Facebook
Facebook
risk 0.00cvss —epss 0.02
Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue…
CVE-2019-9826May 2, 2019
risk 0.00cvss —epss 0.02
The fulltext search component in phpBB before 3.2.6 allows Denial of Service.
CVE-2019-0214Apr 30, 2019
Apache
Archiva
risk 0.00cvss —epss 0.05
In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file.
CVE-2018-20835Apr 30, 2019
Mafintosh
Tar Fs
risk 0.00cvss —epss 0.02
A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file…
CVE-2018-7577Apr 24, 2019
Google
Snappy
risk 0.00cvss —epss 0.00
Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.
CVE-2015-1326Apr 22, 2019
risk 0.00cvss —epss 0.02
python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.
CVE-2019-11340Apr 19, 2019
Matrix Org
Sydent
risk 0.00cvss —epss 0.02
util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on…
CVE-2019-9845Apr 16, 2019
Madskristensen
Miniblog.core
risk 0.00cvss —epss 0.03
madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension.
CVE-2019-11228Apr 13, 2019
Go Gitea
Gitea
risk 0.00cvss —epss 0.01
repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress.
CVE-2019-11069Apr 10, 2019
Sequelize
Sequelize
risk 0.00cvss —epss 0.02
Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used.
CVE-2019-10648Mar 30, 2019
Robo Code
Robocode
risk 0.00cvss —epss 0.02
Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.
CVE-2019-0200Mar 6, 2019
Apache
Qpid Broker J
risk 0.00cvss —epss 0.04
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91…
CVE-2017-15720Jan 23, 2019
Apache
Airflow
risk 0.00cvss —epss 0.02
In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.