VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 171 of 401
  • CVE-2016-10337MedJun 13, 2017
    risk 0.36cvss 5.5epss 0.00

    In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed.

  • CVE-2017-4897MedMay 31, 2017
    risk 0.36cvss 5.5epss 0.01

    VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation…

  • CVE-2017-9242MedMay 27, 2017
    risk 0.36cvss 5.5epss 0.00

    The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.

  • CVE-2017-2540MedMay 22, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

  • CVE-2017-8934MedMay 15, 2017
    risk 0.36cvss 5.5epss 0.00

    PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability).

  • CVE-2016-10371MedMay 10, 2017
    risk 0.36cvss 5.5epss 0.01

    The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.

  • CVE-2017-0355MedMay 9, 2017
    risk 0.36cvss 5.5epss 0.00

    All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service.

  • CVE-2017-0353MedMay 9, 2017
    risk 0.36cvss 5.5epss 0.00

    All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of service

  • CVE-2015-7740MedApr 13, 2017
    risk 0.36cvss 5.5epss 0.00

    Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver.

  • CVE-2017-7613MedApr 9, 2017
    risk 0.36cvss 5.5epss 0.02

    elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

  • CVE-2017-7609MedApr 9, 2017
    risk 0.36cvss 5.5epss 0.02

    elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

  • CVE-2016-8758MedApr 2, 2017
    risk 0.36cvss 5.5epss 0.01

    ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart).

  • CVE-2016-8756MedApr 2, 2017
    risk 0.36cvss 5.5epss 0.01

    ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart).

  • CVE-2015-7847MedApr 2, 2017
    risk 0.36cvss 5.5epss 0.00

    Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail…

  • CVE-2017-6974MedApr 2, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app.

  • CVE-2017-7346MedMar 30, 2017
    risk 0.36cvss 5.5epss 0.00

    The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD*…

  • CVE-2014-9815MedMar 30, 2017
    risk 0.36cvss 5.5epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.

  • CVE-2014-9813MedMar 30, 2017
    risk 0.36cvss 5.5epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.

  • CVE-2014-9811MedMar 30, 2017
    risk 0.36cvss 5.5epss 0.01

    The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.

  • CVE-2014-9810MedMar 30, 2017
    risk 0.36cvss 5.5epss 0.01

    The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.