CWE-20
Improper Input Validation
Description
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9
CVEs mapped to this weakness (8,003)
page 87 of 401| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-37794 | — | Hig | 0.49 | 7.5 | 0.00 | Jun 17, 2024 | Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file. | |
| CVE-2024-3657 | Hig | 0.49 | 7.5 | 0.01 | May 28, 2024 | A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service | ||
| CVE-2024-24981 | Hig | 0.49 | 7.5 | 0.00 | May 16, 2024 | Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access. | ||
| CVE-2024-23487 | Hig | 0.49 | 7.5 | 0.00 | May 16, 2024 | Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | ||
| CVE-2024-22382 | Hig | 0.49 | 7.5 | 0.00 | May 16, 2024 | Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | ||
| CVE-2024-3676 | Hig | 0.49 | 7.5 | 0.00 | May 14, 2024 | The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's… | ||
| CVE-2024-25581 | Hig | 0.49 | 7.5 | 0.01 | May 14, 2024 | When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing… | ||
| CVE-2024-25583 | Hig | 0.49 | 7.5 | 0.01 | Apr 25, 2024 | A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected. | ||
| CVE-2024-27912 | Hig | 0.49 | 7.5 | 0.01 | Apr 5, 2024 | A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets. | ||
| CVE-2024-22054 | Hig | 0.49 | 7.5 | 0.01 | Feb 20, 2024 | A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode… | ||
| CVE-2023-49568 | Hig | 0.49 | 7.5 | 0.01 | Jan 12, 2024 | A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. … | ||
| CVE-2023-40272 | Hig | 0.49 | 7.5 | 0.02 | Aug 17, 2023 | Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that… | ||
| CVE-2023-4241 | — | Hig | 0.49 | 7.5 | 0.01 | Aug 16, 2023 | lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. | |
| CVE-2023-33964 | Hig | 0.49 | 8.6 | 0.01 | May 31, 2023 | mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain… | ||
| CVE-2023-29335 | Hig | 0.49 | 7.5 | 0.01 | May 9, 2023 | Microsoft Word Security Feature Bypass Vulnerability | ||
| CVE-2022-25273 | — | Hig | 0.49 | 7.5 | 0.01 | Apr 26, 2023 | Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker… | |
| CVE-2023-22465 | — | Hig | 0.49 | 7.5 | 0.01 | Jan 4, 2023 | Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the `User-Agent` and `Server` header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily… | |
| CVE-2022-25940 | — | Hig | 0.49 | 7.5 | 0.01 | Dec 20, 2022 | All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse. | |
| CVE-2022-46363 | Hig | 0.49 | 7.5 | 0.01 | Dec 13, 2022 | A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check… | ||
| CVE-2022-45470 | Hig | 0.49 | 7.5 | 0.01 | Nov 21, 2022 | missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed. |
- risk 0.49cvss 7.5epss 0.00
Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file.
- risk 0.49cvss 7.5epss 0.01
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service
- risk 0.49cvss 7.5epss 0.00
Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access.
- risk 0.49cvss 7.5epss 0.00
Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
- risk 0.49cvss 7.5epss 0.00
Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
- risk 0.49cvss 7.5epss 0.00
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's…
- risk 0.49cvss 7.5epss 0.01
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing…
- risk 0.49cvss 7.5epss 0.01
A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.
- risk 0.49cvss 7.5epss 0.01
A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets.
- risk 0.49cvss 7.5epss 0.01
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode…
- risk 0.49cvss 7.5epss 0.01
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. …
- risk 0.49cvss 7.5epss 0.02
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that…
- risk 0.49cvss 7.5epss 0.01
lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.
- risk 0.49cvss 8.6epss 0.01
mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain…
- risk 0.49cvss 7.5epss 0.01
Microsoft Word Security Feature Bypass Vulnerability
- risk 0.49cvss 7.5epss 0.01
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker…
- risk 0.49cvss 7.5epss 0.01
Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the `User-Agent` and `Server` header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily…
- risk 0.49cvss 7.5epss 0.01
All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
- risk 0.49cvss 7.5epss 0.01
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check…
- risk 0.49cvss 7.5epss 0.01
missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.