CWE-20
Improper Input Validation
Description
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9
CVEs mapped to this weakness (6,893)
page 345 of 345| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-2354 | 0.00 | — | 0.01 | Dec 31, 2002 | Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests. | |||
| CVE-2002-2415 | 0.00 | — | 0.01 | Dec 31, 2002 | Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service. | |||
| CVE-2002-2329 | 0.00 | — | 0.01 | Dec 31, 2002 | ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons. | |||
| CVE-2002-2322 | 0.00 | — | 0.00 | Dec 31, 2002 | Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords. | |||
| CVE-2002-1360 | 0.00 | — | 0.04 | Dec 23, 2002 | Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the… | |||
| CVE-2002-1358 | 0.00 | — | 0.04 | Dec 23, 2002 | Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. | |||
| CVE-2002-1175 | 0.00 | — | 0.01 | Oct 11, 2002 | The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the… | |||
| CVE-2002-0146 | 0.00 | — | 0.01 | Jun 25, 2002 | fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array. | |||
| CVE-2001-1584 | 0.00 | — | 0.01 | Dec 31, 2001 | CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field. | |||
| CVE-2001-0427 | 0.00 | — | 0.01 | Jun 18, 2001 | Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts. | |||
| CVE-1999-0001 | 0.00 | — | 0.01 | Dec 30, 1999 | ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets. | |||
| CVE-1999-1547 | 0.00 | — | 0.01 | Nov 25, 1999 | Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent. | |||
| CVE-1999-0265 | 0.00 | — | 0.01 | Jan 1, 1997 | ICMP redirect messages may crash or lock up a host. |
- CVE-2002-2354Dec 31, 2002risk 0.00cvss —epss 0.01
Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests.
- CVE-2002-2415Dec 31, 2002risk 0.00cvss —epss 0.01
Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service.
- CVE-2002-2329Dec 31, 2002risk 0.00cvss —epss 0.01
ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons.
- CVE-2002-2322Dec 31, 2002risk 0.00cvss —epss 0.00
Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords.
- CVE-2002-1360Dec 23, 2002risk 0.00cvss —epss 0.04
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the…
- CVE-2002-1358Dec 23, 2002risk 0.00cvss —epss 0.04
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
- CVE-2002-1175Oct 11, 2002risk 0.00cvss —epss 0.01
The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the…
- CVE-2002-0146Jun 25, 2002risk 0.00cvss —epss 0.01
fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.
- CVE-2001-1584Dec 31, 2001risk 0.00cvss —epss 0.01
CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field.
- CVE-2001-0427Jun 18, 2001risk 0.00cvss —epss 0.01
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.
- CVE-1999-0001Dec 30, 1999risk 0.00cvss —epss 0.01
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.
- CVE-1999-1547Nov 25, 1999risk 0.00cvss —epss 0.01
Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent.
- CVE-1999-0265Jan 1, 1997risk 0.00cvss —epss 0.01
ICMP redirect messages may crash or lock up a host.