CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Parents

CWE-707

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (5,723)

page 76 of 287

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-2839	—	Med	0.42	6.5	0.01	Aug 5, 2016	Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.
CVE-2016-5135	—	Med	0.42	6.5	0.00	Jul 23, 2016	WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "" element.
CVE-2016-1707	Google Chrome	Med	0.42	6.5	0.01	Jul 23, 2016	ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.
CVE-2016-2775	—	Med	0.42	5.9	0.43	Jul 19, 2016	ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
CVE-2016-5009	—	Med	0.42	6.5	0.01	Jul 12, 2016	The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
CVE-2016-1444	—	Med	0.42	6.5	0.00	Jul 7, 2016	The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.
CVE-2016-4433	Apache Struts	Hig	0.42	7.5	0.04	Jul 4, 2016	Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.
CVE-2016-4431	—	Hig	0.42	7.5	0.08	Jul 4, 2016	Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
CVE-2016-1434	Cisco Systems, Inc. Ip Phone 8800 Series Firmware	Med	0.42	6.5	0.00	Jun 23, 2016	The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.
CVE-2016-4530	Osisoft Pi SQL Data Access Server 2016	Med	0.42	6.5	0.01	Jun 19, 2016	OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message.
CVE-2016-4518	Osisoft Pi Af Server 2016	Med	0.42	6.5	0.00	Jun 19, 2016	OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message.
CVE-2016-4425	Jansson Project Jansson	Med	0.42	6.5	0.01	May 17, 2016	Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
CVE-2015-4598	PHP PHP	Med	0.42	6.5	0.01	May 16, 2016	PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.
CVE-2015-3411	PHP PHP	Med	0.42	6.5	0.00	May 16, 2016	PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.
CVE-2016-1665	OpenSUSE openSUSE	Med	0.42	6.5	0.02	May 14, 2016	The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.
CVE-2016-3950	Huawei Ar3200 Firmware	Med	0.42	6.5	0.00	Apr 18, 2016	Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets.
CVE-2016-1654	Debian Debian Linux	Med	0.42	6.5	0.02	Apr 18, 2016	The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.
CVE-2016-2411	Google Android	Med	0.42	6.5	0.00	Apr 18, 2016	A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053.
CVE-2016-1338	Cisco Systems, Inc. Telepresence Video Communication Server Software	Med	0.42	6.5	0.00	Mar 12, 2016	Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026.
CVE-2016-2537	Is My Json Valid Project Is My JSON Valid	Hig	0.42	7.5	0.01	Feb 23, 2016	The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.

CVE-2016-2839MedAug 5, 2016
risk 0.42cvss 6.5epss 0.01
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.
CVE-2016-5135MedJul 23, 2016
risk 0.42cvss 6.5epss 0.00
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "" element.
CVE-2016-1707MedJul 23, 2016
Google
Chrome
risk 0.42cvss 6.5epss 0.01
ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.
CVE-2016-2775MedJul 19, 2016
risk 0.42cvss 5.9epss 0.43
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
CVE-2016-5009MedJul 12, 2016
risk 0.42cvss 6.5epss 0.01
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
CVE-2016-1444MedJul 7, 2016
risk 0.42cvss 6.5epss 0.00
The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.
CVE-2016-4433HigJul 4, 2016
Apache
Struts
risk 0.42cvss 7.5epss 0.04
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.
CVE-2016-4431HigJul 4, 2016
risk 0.42cvss 7.5epss 0.08
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
CVE-2016-1434MedJun 23, 2016
Cisco Systems, Inc.
Ip Phone 8800 Series Firmware
risk 0.42cvss 6.5epss 0.00
The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.
CVE-2016-4530MedJun 19, 2016
Osisoft
Pi SQL Data Access Server 2016
risk 0.42cvss 6.5epss 0.01
OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message.
CVE-2016-4518MedJun 19, 2016
Osisoft
Pi Af Server 2016
risk 0.42cvss 6.5epss 0.00
OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message.
CVE-2016-4425MedMay 17, 2016
Jansson Project
Jansson
risk 0.42cvss 6.5epss 0.01
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
CVE-2015-4598MedMay 16, 2016
PHP
PHP
risk 0.42cvss 6.5epss 0.01
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.
CVE-2015-3411MedMay 16, 2016
PHP
PHP
risk 0.42cvss 6.5epss 0.00
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.
CVE-2016-1665MedMay 14, 2016
OpenSUSE
openSUSE
risk 0.42cvss 6.5epss 0.02
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.
CVE-2016-3950MedApr 18, 2016
Huawei
Ar3200 Firmware
risk 0.42cvss 6.5epss 0.00
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets.
CVE-2016-1654MedApr 18, 2016
Debian
Debian Linux
risk 0.42cvss 6.5epss 0.02
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.
CVE-2016-2411MedApr 18, 2016
Google
Android
risk 0.42cvss 6.5epss 0.00
A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053.
CVE-2016-1338MedMar 12, 2016
Cisco Systems, Inc.
Telepresence Video Communication Server Software
risk 0.42cvss 6.5epss 0.00
Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026.
CVE-2016-2537HigFeb 23, 2016
Is My Json Valid Project
Is My JSON Valid
risk 0.42cvss 7.5epss 0.01
The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.