CWE-20
Improper Input Validation
Description
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9
CVEs mapped to this weakness (8,003)
page 98 of 401| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16753 | Hig | 0.49 | 7.5 | 0.02 | Jan 5, 2018 | An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash. | ||
| CVE-2017-18019 | — | Hig | 0.49 | 7.1 | 0.01 | Jan 4, 2018 | In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary… | |
| CVE-2014-8119 | Hig | 0.49 | 7.5 | 0.03 | Dec 29, 2017 | The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. | ||
| CVE-2017-17846 | Hig | 0.49 | 7.5 | 0.02 | Dec 27, 2017 | An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003. | ||
| CVE-2017-14022 | Hig | 0.49 | 7.5 | 0.04 | Dec 23, 2017 | An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to… | ||
| CVE-2017-15324 | Hig | 0.49 | 7.5 | 0.01 | Dec 22, 2017 | Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful… | ||
| CVE-2017-10908 | Hig | 0.49 | 7.5 | 0.04 | Dec 22, 2017 | H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header. | ||
| CVE-2017-10868 | Hig | 0.49 | 7.5 | 0.03 | Dec 22, 2017 | H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header. | ||
| CVE-2017-6140 | Hig | 0.49 | 7.5 | 0.02 | Dec 21, 2017 | On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an… | ||
| CVE-2017-6138 | Hig | 0.49 | 7.5 | 0.02 | Dec 21, 2017 | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles,… | ||
| CVE-2017-6133 | Hig | 0.49 | 7.5 | 0.02 | Dec 21, 2017 | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service. | ||
| CVE-2017-6132 | Hig | 0.49 | 7.5 | 0.03 | Dec 21, 2017 | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or… | ||
| CVE-2017-6129 | Hig | 0.49 | 7.5 | 0.02 | Dec 21, 2017 | In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or cause the… | ||
| CVE-2017-17537 | Hig | 0.49 | 7.5 | 0.02 | Dec 13, 2017 | MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS. | ||
| CVE-2017-17065 | Hig | 0.49 | 7.5 | 0.01 | Nov 30, 2017 | An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently… | ||
| CVE-2017-8019 | Hig | 0.49 | 7.5 | 0.02 | Nov 28, 2017 | An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation. | ||
| CVE-2017-8167 | Hig | 0.49 | 7.5 | 0.01 | Nov 22, 2017 | Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target device. Successful exploit of the vulnerability could cause the device to restart. | ||
| CVE-2017-8147 | Hig | 0.49 | 7.5 | 0.01 | Nov 22, 2017 | AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software V200R005C10CP0582T, V200R005C10HP0581T, V200R005C20SPC026T,AR200 with software V200R005C20SPC026T,AR3200 V200R005C20SPC026T,CloudEngine 12800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00,… | ||
| CVE-2017-1000230 | Hig | 0.49 | 7.5 | 0.01 | Nov 17, 2017 | The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack. | ||
| CVE-2017-13703 | Hig | 0.49 | 7.5 | 0.01 | Nov 17, 2017 | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur. |
- risk 0.49cvss 7.5epss 0.02
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.
- risk 0.49cvss 7.1epss 0.01
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary…
- risk 0.49cvss 7.5epss 0.03
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.
- risk 0.49cvss 7.5epss 0.04
An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to…
- risk 0.49cvss 7.5epss 0.01
Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful…
- risk 0.49cvss 7.5epss 0.04
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.
- risk 0.49cvss 7.5epss 0.03
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.
- risk 0.49cvss 7.5epss 0.02
On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an…
- risk 0.49cvss 7.5epss 0.02
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles,…
- risk 0.49cvss 7.5epss 0.02
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.
- risk 0.49cvss 7.5epss 0.03
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or…
- risk 0.49cvss 7.5epss 0.02
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or cause the…
- risk 0.49cvss 7.5epss 0.02
MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently…
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation.
- risk 0.49cvss 7.5epss 0.01
Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target device. Successful exploit of the vulnerability could cause the device to restart.
- risk 0.49cvss 7.5epss 0.01
AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software V200R005C10CP0582T, V200R005C10HP0581T, V200R005C20SPC026T,AR200 with software V200R005C20SPC026T,AR3200 V200R005C20SPC026T,CloudEngine 12800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00,…
- risk 0.49cvss 7.5epss 0.01
The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur.