VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 169 of 401
  • CVE-2017-5699MedJan 18, 2018
    risk 0.36cvss 5.5epss 0.00

    Input validation error in Intel MinnowBoard 3 Firmware versions prior to 0.65 allow local attacker to cause denial of service via UEFI APIs.

  • CVE-2017-17429MedJan 16, 2018
    risk 0.36cvss 5.5epss 0.00

    In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL.

  • CVE-2017-16556MedJan 16, 2018
    risk 0.36cvss 5.5epss 0.00

    In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations.

  • CVE-2014-5003MedJan 10, 2018
    risk 0.36cvss 5.5epss 0.00

    chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer.

  • CVE-2014-4994MedJan 10, 2018
    risk 0.36cvss 5.5epss 0.00

    lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames.

  • CVE-2017-17967MedDec 28, 2017
    risk 0.36cvss 5.5epss 0.01

    pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482.

  • CVE-2017-17862MedDec 27, 2017
    risk 0.36cvss 5.5epss 0.00

    kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.

  • CVE-2017-17810MedDec 21, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.

  • CVE-2017-17565MedDec 12, 2017
    risk 0.36cvss 5.6epss 0.00

    An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.

  • CVE-2017-15121MedDec 7, 2017
    risk 0.36cvss 5.5epss 0.00

    A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.

  • CVE-2017-8186MedNov 22, 2017
    risk 0.36cvss 5.5epss 0.01

    The Bastet of some Huawei mobile phones with software of earlier than MHA-AL00BC00B231 versions has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system…

  • CVE-2017-8175MedNov 22, 2017
    risk 0.36cvss 5.5epss 0.01

    The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of parameter validation. An…

  • CVE-2017-8146MedNov 22, 2017
    risk 0.36cvss 5.5epss 0.01

    The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick a user into installing a malicious…

  • CVE-2017-8145MedNov 22, 2017
    risk 0.36cvss 5.5epss 0.01

    The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick a user into installing a malicious…

  • CVE-2017-8143MedNov 22, 2017
    risk 0.36cvss 5.5epss 0.01

    Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software versions earlier than NEM-L21C432B351 and versions earlier than VNS-L21C10B381 has a DoS vulnerability. An attacker may trick a user into installing a malicious application and the application can access…

  • CVE-2017-2731MedNov 22, 2017
    risk 0.36cvss 5.5epss 0.01

    The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone vibrator service interface…

  • CVE-2017-2711MedNov 22, 2017
    risk 0.36cvss 5.5epss 0.01

    P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash…

  • CVE-2017-2709MedNov 22, 2017
    risk 0.36cvss 5.5epss 0.01

    HiGame with software earlier than 7.3.0 versions, SkyTone with software earlier than 8.1.1 versions have a DoS Vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, the attacker can send malformed packets to the device. Due to the…

  • CVE-2017-1000201MedNov 17, 2017
    risk 0.36cvss 5.5epss 0.00

    The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack

  • CVE-2014-0219MedNov 15, 2017
    risk 0.36cvss 5.5epss 0.01

    Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.