VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 58 of 401
  • CVE-2018-11294HigSep 18, 2018
    risk 0.52cvss 8.0epss 0.00

    In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories. While processing this information only the first 3 AC information is copied due to…

  • CVE-2018-1999001HigJul 23, 2018
    risk 0.52cvss 8.8epss 0.18

    A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins…

  • CVE-2018-14336HigJul 19, 2018
    risk 0.52cvss 7.5epss 0.08

    TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.

  • CVE-2016-10542HigMay 31, 2018
    risk 0.52cvss 7.5epss 0.08

    ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.

  • CVE-2018-7449HigMar 4, 2018
    risk 0.52cvss 7.5epss 0.08

    SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command.

  • CVE-2017-15667HigDec 28, 2017
    risk 0.52cvss 7.5epss 0.04

    In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221.

  • CVE-2017-15956HigOct 29, 2017
    risk 0.52cvss 7.5epss 0.05

    ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.

  • CVE-2017-14087HigOct 6, 2017
    risk 0.52cvss 7.5epss 0.08

    A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.

  • CVE-2017-14320HigSep 21, 2017
    risk 0.52cvss 8.0epss 0.01

    Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files.

  • CVE-2017-10688HigJun 29, 2017
    risk 0.52cvss 7.5epss 0.07

    In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.

  • CVE-2017-6662HigJun 26, 2017
    risk 0.52cvss 8.0epss 0.02

    A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code…

  • CVE-2017-0197HigApr 12, 2017
    risk 0.52cvss 7.8epss 0.19

    Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."

  • CVE-2017-7183HigMar 27, 2017
    risk 0.52cvss 7.5epss 0.06

    The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.

  • CVE-2017-5359HigMar 15, 2017
    risk 0.52cvss 7.5epss 0.07

    EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI.

  • CVE-2017-6367HigMar 14, 2017
    risk 0.52cvss 7.5epss 0.09

    In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.

  • CVE-2016-10079HigFeb 1, 2017
    risk 0.52cvss 7.5epss 0.07

    SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.

  • CVE-2016-9131HigJan 12, 2017
    risk 0.52cvss 7.5epss 0.41

    named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.

  • CVE-2016-7266HigDec 20, 2016
    risk 0.52cvss 7.8epss 0.22

    Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded…

  • CVE-2016-3092HigJul 4, 2016
    risk 0.52cvss 7.5epss 0.36

    The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long…

  • CVE-2016-1336HigJul 3, 2016
    risk 0.52cvss 7.5epss 0.09

    goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of Service" issue, aka Bug ID CSCuy28100.