VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (6,893)

page 313 of 345
  • CVE-2010-1379Jun 17, 2010
    Apple Inc.
    Mac OS X
    risk 0.00cvss epss 0.02

    Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name.

  • CVE-2010-2074Jun 16, 2010
    Tats
    W3m
    risk 0.00cvss epss 0.02

    istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle…

  • CVE-2010-2298Jun 15, 2010
    Google
    Chrome
    risk 0.00cvss epss 0.00

    browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving…

  • CVE-2010-2295Jun 15, 2010
    Google
    Chrome
    risk 0.00cvss epss 0.01

    page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar…

  • CVE-2010-2293Jun 15, 2010
    Dlink
    Di 604\+
    risk 0.00cvss epss 0.00

    The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size.

  • CVE-2010-2289Jun 15, 2010
    Juniper Networks
    Secure Access 2000
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in dana/home/homepage.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Location parameter.

  • CVE-2010-2262Jun 10, 2010
    Galileo Students
    Team Weborf
    risk 0.00cvss epss 0.01

    Galileo Students Team Weborf before 0.12.1 allows remote attackers to cause a denial of service (crash) via a crafted Range header.

  • CVE-2010-0484Jun 8, 2010
    Microsoft
    Windows 2000
    risk 0.00cvss epss 0.02

    The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via…

  • CVE-2010-0819Jun 8, 2010
    Microsoft
    Windows 2000
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to…

  • CVE-2010-0296Jun 1, 2010
    GNU
    Glibc
    risk 0.00cvss epss 0.00

    The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or…

  • CVE-2010-2090May 27, 2010
    IBM
    Communications Server for AIX
    risk 0.00cvss epss 0.01

    The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID…

  • CVE-2010-2079May 25, 2010
    Magnoware
    Datatrack System
    risk 0.00cvss epss 0.00

    DataTrack System 3.5 allows remote attackers to bypass intended restrictions on file extensions, and read arbitrary files, via a trailing backslash in a URI, as demonstrated by (1) web.config\ and (2) .ascx\ files.

  • CVE-2010-2078May 25, 2010
    DataTrack
    System 3.5
    risk 0.00cvss epss 0.00

    DataTrack System 3.5 allows remote attackers to list the root directory via a (1) /%u0085/ or (2) /%u00A0/ URI.

  • CVE-2010-0777May 17, 2010
    IBM
    Websphere Application Server
    risk 0.00cvss epss 0.01

    The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive…

  • CVE-2010-0776May 17, 2010
    IBM
    Websphere Application Server
    risk 0.00cvss epss 0.01

    The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via…

  • CVE-2010-1567May 14, 2010
    Cisco Systems, Inc.
    Pgw 2200 Softswitch
    risk 0.00cvss epss 0.01

    The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590.

  • CVE-2010-1563May 14, 2010
    Cisco Systems, Inc.
    Pgw 2200 Softswitch
    risk 0.00cvss epss 0.01

    The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588.

  • CVE-2010-1562May 14, 2010
    Cisco Systems, Inc.
    Pgw 2200 Softswitch
    risk 0.00cvss epss 0.01

    The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed Contact header, aka Bug ID CSCsj98521.

  • CVE-2010-1561May 14, 2010
    Cisco Systems, Inc.
    Pgw 2200 Softswitch
    risk 0.00cvss epss 0.01

    The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a long message, aka Bug ID CSCsk44115.

  • CVE-2010-0603May 14, 2010
    Cisco Systems, Inc.
    Pgw 2200 Softswitch
    risk 0.00cvss epss 0.01

    The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via a malformed session attribute, aka Bug ID CSCsk40030.