VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 144 of 401
  • CVE-2014-8324HigOct 17, 2017
    risk 0.42cvss 7.5epss 0.04

    network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter.

  • CVE-2014-8323HigOct 17, 2017
    risk 0.42cvss 7.5epss 0.03

    buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter.

  • CVE-2017-12222MedSep 29, 2017
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could…

  • CVE-2015-3138HigSep 28, 2017
    risk 0.42cvss 7.5epss 0.02

    print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).

  • CVE-2010-3050MedSep 25, 2017
    risk 0.42cvss 6.5epss 0.01

    Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).

  • CVE-2015-5248MedSep 20, 2017
    risk 0.42cvss 6.5epss 0.01

    Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform.

  • CVE-2017-14604MedSep 20, 2017
    risk 0.42cvss 6.5epss 0.02

    GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus…

  • CVE-2015-3419MedSep 19, 2017
    risk 0.42cvss 6.5epss 0.01

    vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.

  • CVE-2017-1556MedSep 13, 2017
    risk 0.42cvss 6.5epss 0.01

    IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546.

  • CVE-2017-6792MedSep 7, 2017
    risk 0.42cvss 6.5epss 0.02

    A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and…

  • CVE-2017-12223MedSep 7, 2017
    risk 0.42cvss 6.4epss 0.00

    A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to…

  • CVE-2017-12874HigSep 1, 2017
    risk 0.42cvss 7.5epss 0.01

    The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.

  • CVE-2017-3898MedSep 1, 2017
    risk 0.42cvss 5.9epss 0.03

    A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response.

  • CVE-2017-0900HigAug 31, 2017
    risk 0.42cvss 7.5epss 0.08

    RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.

  • CVE-2017-9945MedAug 30, 2017
    risk 0.42cvss 6.5epss 0.01

    In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart…

  • CVE-2017-13145MedAug 23, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.

  • CVE-2017-13144MedAug 23, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.

  • CVE-2017-12843MedAug 22, 2017
    risk 0.42cvss 6.5epss 0.01

    Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.

  • CVE-2017-13061MedAug 22, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file.

  • CVE-2017-12676MedAug 7, 2017
    risk 0.42cvss 6.5epss 0.01

    In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.