VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 81 of 401
  • CVE-2018-14505HigJul 22, 2018
    risk 0.50cvss 8.8epss 0.03

    mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.

  • CVE-2018-3723HigJun 7, 2018
    risk 0.50cvss 8.8epss 0.02

    defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all…

  • CVE-2018-3719HigJun 7, 2018
    risk 0.50cvss 8.8epss 0.02

    mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all…

  • CVE-2017-2617HigMay 22, 2018
    risk 0.50cvss 7.6epss 0.02

    hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.

  • CVE-2018-0961HigMay 9, 2018
    risk 0.50cvss 7.6epss 0.03

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

  • CVE-2018-0959HigMay 9, 2018
    risk 0.50cvss 7.6epss 0.09

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows…

  • CVE-2018-1000168HigMay 8, 2018
    risk 0.50cvss 7.5epss 0.11

    nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability…

  • CVE-2016-9587HigApr 24, 2018
    risk 0.50cvss 8.1epss 0.18

    Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use…

  • CVE-2017-9269HigMar 1, 2018
    risk 0.50cvss 7.7epss 0.02

    In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.

  • CVE-2017-8955HigFeb 15, 2018
    risk 0.50cvss 7.5epss 0.12

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

  • CVE-2017-5818HigFeb 15, 2018
    risk 0.50cvss 7.5epss 0.12

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

  • CVE-2017-5808HigFeb 15, 2018
    risk 0.50cvss 7.5epss 0.16

    A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

  • CVE-2018-1000026HigFeb 9, 2018
    risk 0.50cvss 7.7epss 0.04

    Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An…

  • CVE-2017-17831HigDec 21, 2017
    risk 0.50cvss 8.8epss 0.04

    GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.

  • CVE-2017-11885MedDec 12, 2017
    risk 0.50cvss 6.6epss 0.46

    Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and…

  • CVE-2017-1001004HigNov 27, 2017
    risk 0.50cvss 8.8epss 0.02

    typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.

  • CVE-2017-16227HigOct 29, 2017
    risk 0.50cvss 7.5epss 0.19

    The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid…

  • CVE-2017-11781HigOct 13, 2017
    risk 0.50cvss 7.5epss 0.14

    The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an…

  • CVE-2015-7704HigAug 7, 2017
    risk 0.50cvss 7.5epss 0.11

    The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

  • CVE-2016-2161HigJul 27, 2017
    risk 0.50cvss 7.5epss 0.21

    In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.