VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 146 of 401
  • CVE-2016-7821MedJun 9, 2017
    risk 0.42cvss 6.5epss 0.02

    Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors.

  • CVE-2015-8538MedJun 7, 2017
    risk 0.42cvss 6.5epss 0.01

    dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).

  • CVE-2015-3830MedJun 6, 2017
    risk 0.42cvss 6.5epss 0.00

    The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names.

  • CVE-2017-9263MedMay 29, 2017
    risk 0.42cvss 6.5epss 0.01

    In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a…

  • CVE-2016-2165MedMay 25, 2017
    risk 0.42cvss 6.5epss 0.01

    The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow…

  • CVE-2017-9144MedMay 22, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.

  • CVE-2017-9142MedMay 22, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.

  • CVE-2017-9141MedMay 22, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.

  • CVE-2017-2511MedMay 22, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.

  • CVE-2017-2495MedMay 22, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (application crash) via a crafted web site that improperly…

  • CVE-2017-9065HigMay 18, 2017
    risk 0.42cvss 7.5epss 0.04

    In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.

  • CVE-2017-6865MedMay 11, 2017
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC…

  • CVE-2017-7957HigApr 29, 2017
    risk 0.42cvss 7.5epss 0.05

    XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("") call.

  • CVE-2017-8219MedApr 25, 2017
    risk 0.42cvss 6.5epss 0.01

    TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.

  • CVE-2016-7536MedApr 20, 2017
    risk 0.42cvss 6.5epss 0.03

    magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.

  • CVE-2015-4646HigApr 13, 2017
    risk 0.42cvss 7.5epss 0.07

    (1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.

  • CVE-2017-7606MedApr 9, 2017
    risk 0.42cvss 6.5epss 0.02

    coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted…

  • CVE-2016-8764MedApr 2, 2017
    risk 0.42cvss 6.4epss 0.00

    The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows…

  • CVE-2016-8275MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb.

  • CVE-2015-8670MedApr 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service.