VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 89 of 401
  • CVE-2020-10204HigApr 1, 2020
    risk 0.49cvss 7.2epss 0.24

    Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.

  • CVE-2019-17561HigMar 30, 2020
    risk 0.49cvss 7.5epss 0.02

    The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

  • CVE-2020-5403HigMar 3, 2020
    risk 0.49cvss 7.5epss 0.01

    Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.

  • CVE-2019-10790HigFeb 17, 2020
    risk 0.49cvss 7.5epss 0.02

    taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB.…

  • CVE-2020-6638HigJan 21, 2020
    risk 0.49cvss 7.5epss 0.01

    Grin through 2.1.1 has Insufficient Validation.

  • CVE-2019-19729HigDec 11, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects…

  • CVE-2019-11289HigNov 19, 2019
    risk 0.49cvss 8.6epss 0.02

    Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.

  • CVE-2019-18608HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.01

    Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order (e.g., its payment status or shipping fee) by…

  • CVE-2018-17201HigMay 6, 2019
    risk 0.49cvss 7.5epss 0.02

    Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.

  • CVE-2019-9826HigMay 2, 2019
    risk 0.49cvss 7.5epss 0.02

    The fulltext search component in phpBB before 3.2.6 allows Denial of Service.

  • CVE-2018-16561HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful…

  • CVE-2019-6690HigMar 21, 2019
    risk 0.49cvss 7.5epss 0.09

    python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input…

  • CVE-2019-0200HigMar 6, 2019
    risk 0.49cvss 7.5epss 0.04

    A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91…

  • CVE-2018-16472HigNov 6, 2018
    risk 0.49cvss 7.5epss 0.02

    A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack.

  • CVE-2018-11804HigOct 24, 2018
    risk 0.49cvss 7.5epss 0.06

    Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts…

  • CVE-2016-7475HigOct 8, 2018
    risk 0.49cvss 7.5epss 0.01

    Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.

  • CVE-2018-15960HigSep 25, 2018
    risk 0.49cvss 7.5epss 0.06

    Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite.

  • CVE-2018-11071HigSep 18, 2018
    risk 0.49cvss 7.5epss 0.02

    Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may…

  • CVE-2018-1330HigSep 13, 2018
    risk 0.49cvss 7.5epss 0.04

    When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can…

  • CVE-2018-5549HigSep 13, 2018
    risk 0.49cvss 7.5epss 0.02

    On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements.