CWE-20
Improper Input Validation
Description
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9
CVEs mapped to this weakness (8,003)
page 96 of 401| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7472 | Hig | 0.49 | 7.5 | 0.05 | Apr 3, 2018 | F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request. | ||
| CVE-2018-4142 | Hig | 0.49 | 7.5 | 0.03 | Apr 3, 2018 | An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service… | ||
| CVE-2018-9158 | Hig | 0.49 | 7.5 | 0.01 | Apr 1, 2018 | An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are… | ||
| CVE-2014-0486 | Hig | 0.49 | 7.5 | 0.03 | Mar 27, 2018 | Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message. | ||
| CVE-2018-5509 | Hig | 0.49 | 7.5 | 0.03 | Mar 22, 2018 | On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue… | ||
| CVE-2018-5503 | Hig | 0.49 | 7.5 | 0.02 | Mar 22, 2018 | On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action. | ||
| CVE-2018-1294 | Hig | 0.49 | 7.5 | 0.03 | Mar 20, 2018 | If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to… | ||
| CVE-2017-18060 | Hig | 0.49 | 7.5 | 0.01 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for resp_event->vdev_id in wma_unified_bcntx_status_event_handler(), which is received from firmware, leads to potential out of bounds memory… | ||
| CVE-2017-18059 | Hig | 0.49 | 7.5 | 0.01 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received from firmware, leads to potential out of bounds memory read. | ||
| CVE-2017-18058 | Hig | 0.49 | 7.5 | 0.01 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wow_buf_pkt_len in wma_wow_wakeup_host_event() which is received from firmware leads to potential out of bounds memory read. | ||
| CVE-2017-18057 | Hig | 0.49 | 7.5 | 0.01 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read. | ||
| CVE-2017-18053 | Hig | 0.49 | 7.5 | 0.01 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read. | ||
| CVE-2017-18052 | Hig | 0.49 | 7.5 | 0.01 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from… | ||
| CVE-2017-18051 | Hig | 0.49 | 7.5 | 0.01 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds memory read. | ||
| CVE-2017-14878 | Hig | 0.49 | 7.5 | 0.01 | Mar 15, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be exceeded resulting in a denial of service. | ||
| CVE-2018-1000081 | Hig | 0.49 | 7.5 | 0.01 | Mar 13, 2018 | Ajenti version version 2 contains a Input Validation vulnerability in ID string on Get-values POST request that can result in Server Crashing. This attack appear to be exploitable via An attacker can freeze te server by sending a giant string to the ID parameter .. | ||
| CVE-2018-7235 | Hig | 0.49 | 7.5 | 0.02 | Mar 9, 2018 | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file' | ||
| CVE-2016-8786 | Hig | 0.49 | 7.5 | 0.02 | Mar 9, 2018 | Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00,… | ||
| CVE-2017-6154 | Hig | 0.49 | 7.5 | 0.02 | Mar 1, 2018 | On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores. | ||
| CVE-2017-6150 | Hig | 0.49 | 7.5 | 0.02 | Mar 1, 2018 | Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM). |
- risk 0.49cvss 7.5epss 0.05
F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request.
- risk 0.49cvss 7.5epss 0.03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are…
- risk 0.49cvss 7.5epss 0.03
Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.
- risk 0.49cvss 7.5epss 0.03
On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue…
- risk 0.49cvss 7.5epss 0.02
On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action.
- risk 0.49cvss 7.5epss 0.03
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to…
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for resp_event->vdev_id in wma_unified_bcntx_status_event_handler(), which is received from firmware, leads to potential out of bounds memory…
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received from firmware, leads to potential out of bounds memory read.
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wow_buf_pkt_len in wma_wow_wakeup_host_event() which is received from firmware leads to potential out of bounds memory read.
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read.
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read.
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from…
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds memory read.
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be exceeded resulting in a denial of service.
- risk 0.49cvss 7.5epss 0.01
Ajenti version version 2 contains a Input Validation vulnerability in ID string on Get-values POST request that can result in Server Crashing. This attack appear to be exploitable via An attacker can freeze te server by sending a giant string to the ID parameter ..
- risk 0.49cvss 7.5epss 0.02
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file'
- risk 0.49cvss 7.5epss 0.02
Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00,…
- risk 0.49cvss 7.5epss 0.02
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores.
- risk 0.49cvss 7.5epss 0.02
Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).