VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 87 of 401
  • CVE-2024-37794HigJun 17, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file.

  • CVE-2024-3657HigMay 28, 2024
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service

  • CVE-2024-24981HigMay 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access.

  • CVE-2024-23487HigMay 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.

  • CVE-2024-22382HigMay 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.

  • CVE-2024-3676HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.00

    The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's…

  • CVE-2024-25581HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.01

    When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing…

  • CVE-2024-25583HigApr 25, 2024
    risk 0.49cvss 7.5epss 0.01

    A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.

  • CVE-2024-27912HigApr 5, 2024
    risk 0.49cvss 7.5epss 0.01

    A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets.

  • CVE-2024-22054HigFeb 20, 2024
    risk 0.49cvss 7.5epss 0.01

    A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode…

  • CVE-2023-49568HigJan 12, 2024
    risk 0.49cvss 7.5epss 0.01

    A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. …

  • CVE-2023-40272HigAug 17, 2023
    risk 0.49cvss 7.5epss 0.02

    Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that…

  • CVE-2023-4241HigAug 16, 2023
    risk 0.49cvss 7.5epss 0.01

    lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.

  • CVE-2023-33964HigMay 31, 2023
    risk 0.49cvss 8.6epss 0.01

    mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain…

  • CVE-2023-29335HigMay 9, 2023
    risk 0.49cvss 7.5epss 0.01

    Microsoft Word Security Feature Bypass Vulnerability

  • CVE-2022-25273HigApr 26, 2023
    risk 0.49cvss 7.5epss 0.01

    Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker…

  • CVE-2023-22465HigJan 4, 2023
    risk 0.49cvss 7.5epss 0.01

    Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the `User-Agent` and `Server` header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily…

  • CVE-2022-25940HigDec 20, 2022
    risk 0.49cvss 7.5epss 0.01

    All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.

  • CVE-2022-46363HigDec 13, 2022
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check…

  • CVE-2022-45470HigNov 21, 2022
    risk 0.49cvss 7.5epss 0.01

    missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.