CWE-20
Improper Input Validation
Description
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9
CVEs mapped to this weakness (8,003)
page 170 of 401| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13804 | Med | 0.36 | 5.5 | 0.01 | Nov 13, 2017 | An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "StreamingZip" component. It allows remote attackers to write to unintended… | ||
| CVE-2017-14025 | Med | 0.36 | 5.5 | 0.00 | Nov 6, 2017 | An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the… | ||
| CVE-2017-7119 | Med | 0.36 | 5.5 | 0.01 | Oct 23, 2017 | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | ||
| CVE-2017-7118 | Med | 0.36 | 5.5 | 0.01 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (crash) via a crafted image. | ||
| CVE-2017-7074 | Med | 0.36 | 5.5 | 0.01 | Oct 23, 2017 | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app. | ||
| CVE-2017-7072 | Med | 0.36 | 5.5 | 0.01 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "iBooks" component. It allows remote attackers to cause a denial of service (persistent outage) via a crafted iBooks file. | ||
| CVE-2017-12286 | Med | 0.36 | 5.5 | 0.00 | Oct 19, 2017 | A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and… | ||
| CVE-2017-14771 | Med | 0.36 | 5.5 | 0.00 | Oct 3, 2017 | Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can… | ||
| CVE-2017-1000252 | Med | 0.36 | 5.5 | 0.00 | Sep 26, 2017 | The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. | ||
| CVE-2010-3049 | Med | 0.36 | 5.5 | 0.00 | Sep 25, 2017 | Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). | ||
| CVE-2017-13685 | Med | 0.36 | 5.5 | 0.02 | Aug 29, 2017 | The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. | ||
| CVE-2017-0724 | Med | 0.36 | 5.5 | 0.00 | Aug 9, 2017 | A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36819262. | ||
| CVE-2017-7045 | Med | 0.36 | 5.5 | 0.01 | Jul 20, 2017 | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | ||
| CVE-2017-0696 | Med | 0.36 | 5.5 | 0.00 | Jul 6, 2017 | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120. | ||
| CVE-2017-0694 | Med | 0.36 | 5.5 | 0.00 | Jul 6, 2017 | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37093318. | ||
| CVE-2017-0689 | Med | 0.36 | 5.5 | 0.00 | Jul 6, 2017 | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950. | ||
| CVE-2017-0672 | Med | 0.36 | 5.5 | 0.00 | Jul 6, 2017 | A denial of service vulnerability in the Android libraries. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-34778578. | ||
| CVE-2017-10674 | Med | 0.36 | 5.5 | 0.00 | Jun 30, 2017 | Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call. | ||
| CVE-2017-9778 | Med | 0.36 | 5.5 | 0.01 | Jun 21, 2017 | GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze… | ||
| CVE-2017-7366 | Med | 0.36 | 5.5 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters. |
- risk 0.36cvss 5.5epss 0.01
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "StreamingZip" component. It allows remote attackers to write to unintended…
- risk 0.36cvss 5.5epss 0.00
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the…
- risk 0.36cvss 5.5epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
- risk 0.36cvss 5.5epss 0.01
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (crash) via a crafted image.
- risk 0.36cvss 5.5epss 0.01
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app.
- risk 0.36cvss 5.5epss 0.01
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "iBooks" component. It allows remote attackers to cause a denial of service (persistent outage) via a crafted iBooks file.
- risk 0.36cvss 5.5epss 0.00
A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and…
- risk 0.36cvss 5.5epss 0.00
Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can…
- risk 0.36cvss 5.5epss 0.00
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.
- risk 0.36cvss 5.5epss 0.00
Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).
- risk 0.36cvss 5.5epss 0.02
The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.00
A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36819262.
- risk 0.36cvss 5.5epss 0.01
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
- risk 0.36cvss 5.5epss 0.00
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120.
- risk 0.36cvss 5.5epss 0.00
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37093318.
- risk 0.36cvss 5.5epss 0.00
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950.
- risk 0.36cvss 5.5epss 0.00
A denial of service vulnerability in the Android libraries. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-34778578.
- risk 0.36cvss 5.5epss 0.00
Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call.
- risk 0.36cvss 5.5epss 0.01
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze…
- risk 0.36cvss 5.5epss 0.00
In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters.