VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 383 of 401
  • CVE-2008-3243Jul 21, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed file, which triggers an engine crash; (2) a crafted Microsoft Office file, which…

  • CVE-2008-3214Jul 18, 2008
    risk 0.00cvss epss 0.03

    dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon.

  • CVE-2008-3230Jul 18, 2008
    risk 0.00cvss epss 0.00

    The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif.

  • CVE-2008-3231Jul 18, 2008
    risk 0.00cvss epss 0.02

    xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine.

  • CVE-2008-2933Jul 17, 2008
    risk 0.00cvss epss 0.03

    Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that…

  • CVE-2008-3199Jul 17, 2008
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow remote attackers to cause a denial of service (stack consumption) via unknown network traffic with a large "bytes-in-memory/bytes-on-wire ratio."

  • CVE-2008-3145Jul 16, 2008
    risk 0.00cvss epss 0.02

    The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read.

  • CVE-2008-1589Jul 14, 2008
    risk 0.00cvss epss 0.01

    Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.

  • CVE-2008-1588Jul 14, 2008
    risk 0.00cvss epss 0.02

    Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL.

  • CVE-2008-3137Jul 10, 2008
    risk 0.00cvss epss 0.02

    The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

  • CVE-2008-3111Jul 9, 2008
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that…

  • CVE-2008-3081Jul 9, 2008
    risk 0.00cvss epss 0.03

    Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute…

  • CVE-2008-2809Jul 8, 2008
    risk 0.00cvss epss 0.01

    Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the…

  • CVE-2008-2805Jul 7, 2008
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.

  • CVE-2008-2806Jul 7, 2008
    risk 0.00cvss epss 0.03

    Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect.

  • CVE-2008-2988Jul 2, 2008
    risk 0.00cvss epss 0.02

    Unrestricted file upload vulnerability in admin/upload.php in Benja CMS 0.1 allows remote attackers to upload and execute arbitrary PHP files via unspecified vectors, followed by a direct request to the file in billeder/.

  • CVE-2008-2372Jul 2, 2008
    risk 0.00cvss epss 0.00

    The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages."

  • CVE-2008-2953Jul 1, 2008
    risk 0.00cvss epss 0.03

    Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via "partial file list requests" that trigger a NULL pointer dereference.

  • CVE-2008-2954Jul 1, 2008
    risk 0.00cvss epss 0.04

    client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via an empty private message, which triggers an out-of-bounds read.

  • CVE-2008-2957Jul 1, 2008
    risk 0.00cvss epss 0.02

    The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.