CWE-20

Improper Input Validation

Class · Stable · Likelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (5,718)

  • CVE-2017-16227 · High · Oct 29, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.

  • CVE-2017-15928 · High · Oct 27, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication.

  • CVE-2017-1210 · High · Oct 24, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850.

  • CVE-2017-2132 · High · Oct 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors.

  • CVE-2014-8324 · High · Oct 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.08

    network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter.

  • CVE-2014-8323 · High · Oct 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.08

    buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter.

  • CVE-2017-10610 · High · Oct 13, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash. Repeated crashes of the flowd process constitute an extended denial of service condition for the SRX Series device. This issue only occurs if NAT64 is configured. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D71, 12.3X48 prior to 12.3X48-D55, 15.1X49 prior to 15.1X49-D100 on SRX Series. No other Juniper Networks products or platforms are affected by this issue.

  • CVE-2017-5721 · High · Oct 11, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory.

  • CVE-2017-9272 · High · Oct 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack.

  • CVE-2017-1002153 · High · Oct 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.

  • CVE-2017-8018 · High · Oct 3, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    EMC AppSync host plug-in versions 3.5 and below (Windows platform only) include a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.

  • CVE-2017-14944 · High · Sep 30, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.

  • CVE-2017-14935 · High · Sep 30, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information.

  • CVE-2015-3138 · High · Sep 28, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).

  • CVE-2015-7318 · High · Sep 25, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.

  • CVE-2017-9793 · High · Sep 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.08

    The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 uses an outdated XStream library that is vulnerable and allows a DoS attack using a malicious request with a specially crafted XML payload.

  • CVE-2015-5179 · High · Sep 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    FreeIPA might display user data improperly via vectors involving non-printable characters.

  • CVE-2017-14511 · High · Sep 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and confirm email addresses that they do not have access to (candidate_hrobject is predictable and corr_act_guid is improperly validated). Furthermore, since an email address can be registered only once, an attacker could prevent other legitimate users from registering. This is SAP Security Note 2507798.

  • CVE-2017-14430 · High · Sep 13, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic.

  • CVE-2017-12869 · High · Sep 1, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input.