CWE-20
Improper Input Validation
Description
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9
CVEs mapped to this weakness (8,003)
page 171 of 401| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10337 | Med | 0.36 | 5.5 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed. | ||
| CVE-2017-4897 | Med | 0.36 | 5.5 | 0.01 | May 31, 2017 | VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation… | ||
| CVE-2017-9242 | Med | 0.36 | 5.5 | 0.00 | May 27, 2017 | The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. | ||
| CVE-2017-2540 | Med | 0.36 | 5.5 | 0.01 | May 22, 2017 | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | ||
| CVE-2017-8934 | Med | 0.36 | 5.5 | 0.00 | May 15, 2017 | PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). | ||
| CVE-2016-10371 | Med | 0.36 | 5.5 | 0.01 | May 10, 2017 | The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file. | ||
| CVE-2017-0355 | Med | 0.36 | 5.5 | 0.00 | May 9, 2017 | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service. | ||
| CVE-2017-0353 | Med | 0.36 | 5.5 | 0.00 | May 9, 2017 | All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of service | ||
| CVE-2015-7740 | Med | 0.36 | 5.5 | 0.00 | Apr 13, 2017 | Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver. | ||
| CVE-2017-7613 | Med | 0.36 | 5.5 | 0.02 | Apr 9, 2017 | elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | ||
| CVE-2017-7609 | Med | 0.36 | 5.5 | 0.02 | Apr 9, 2017 | elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | ||
| CVE-2016-8758 | Med | 0.36 | 5.5 | 0.01 | Apr 2, 2017 | ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart). | ||
| CVE-2016-8756 | Med | 0.36 | 5.5 | 0.01 | Apr 2, 2017 | ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart). | ||
| CVE-2015-7847 | Med | 0.36 | 5.5 | 0.00 | Apr 2, 2017 | Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail… | ||
| CVE-2017-6974 | Med | 0.36 | 5.5 | 0.01 | Apr 2, 2017 | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app. | ||
| CVE-2017-7346 | Med | 0.36 | 5.5 | 0.00 | Mar 30, 2017 | The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD*… | ||
| CVE-2014-9815 | Med | 0.36 | 5.5 | 0.01 | Mar 30, 2017 | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. | ||
| CVE-2014-9813 | Med | 0.36 | 5.5 | 0.01 | Mar 30, 2017 | ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. | ||
| CVE-2014-9811 | Med | 0.36 | 5.5 | 0.01 | Mar 30, 2017 | The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. | ||
| CVE-2014-9810 | Med | 0.36 | 5.5 | 0.01 | Mar 30, 2017 | The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. |
- risk 0.36cvss 5.5epss 0.00
In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed.
- risk 0.36cvss 5.5epss 0.01
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation…
- risk 0.36cvss 5.5epss 0.00
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
- risk 0.36cvss 5.5epss 0.01
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
- risk 0.36cvss 5.5epss 0.00
PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability).
- risk 0.36cvss 5.5epss 0.01
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
- risk 0.36cvss 5.5epss 0.00
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service.
- risk 0.36cvss 5.5epss 0.00
All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of service
- risk 0.36cvss 5.5epss 0.00
Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver.
- risk 0.36cvss 5.5epss 0.02
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
- risk 0.36cvss 5.5epss 0.02
elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
- risk 0.36cvss 5.5epss 0.01
ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart).
- risk 0.36cvss 5.5epss 0.01
ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart).
- risk 0.36cvss 5.5epss 0.00
Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail…
- risk 0.36cvss 5.5epss 0.01
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app.
- risk 0.36cvss 5.5epss 0.00
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD*…
- risk 0.36cvss 5.5epss 0.01
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.
- risk 0.36cvss 5.5epss 0.01
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.
- risk 0.36cvss 5.5epss 0.01
The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.
- risk 0.36cvss 5.5epss 0.01
The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.