VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 172 of 401
  • CVE-2014-9809MedMar 30, 2017
    risk 0.36cvss 5.5epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.

  • CVE-2014-9808MedMar 30, 2017
    risk 0.36cvss 5.5epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.

  • CVE-2014-9806MedMar 30, 2017
    risk 0.36cvss 5.5epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file.

  • CVE-2014-9805MedMar 30, 2017
    risk 0.36cvss 5.5epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.

  • CVE-2017-7262MedMar 25, 2017
    risk 0.36cvss 5.5epss 0.00

    The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite.

  • CVE-2017-7261MedMar 24, 2017
    risk 0.36cvss 5.5epss 0.00

    The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly…

  • CVE-2015-8678MedMar 24, 2017
    risk 0.36cvss 5.5epss 0.01

    The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before…

  • CVE-2016-9395MedMar 23, 2017
    risk 0.36cvss 5.5epss 0.01

    The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

  • CVE-2016-9394MedMar 23, 2017
    risk 0.36cvss 5.5epss 0.02

    The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

  • CVE-2016-9390MedMar 23, 2017
    risk 0.36cvss 5.5epss 0.02

    The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

  • CVE-2017-6837MedMar 20, 2017
    risk 0.36cvss 5.5epss 0.03

    WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients.

  • CVE-2017-6961MedMar 17, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in apng2gif 1.7. There is improper sanitization of user input causing huge memory allocations, resulting in a crash. This is related to the read_chunk function using the pChunk->size value (within the PNG file) to determine the amount of memory to…

  • CVE-2014-9645MedMar 12, 2017
    risk 0.36cvss 5.5epss 0.01

    The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /"…

  • CVE-2017-0499MedMar 8, 2017
    risk 0.36cvss 5.5epss 0.00

    A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android…

  • CVE-2017-0488MedMar 8, 2017
    risk 0.36cvss 5.5epss 0.01

    A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0,…

  • CVE-2017-0484MedMar 8, 2017
    risk 0.36cvss 5.5epss 0.01

    A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0,…

  • CVE-2017-0483MedMar 8, 2017
    risk 0.36cvss 5.5epss 0.01

    A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0,…

  • CVE-2016-6247MedMar 7, 2017
    risk 0.36cvss 5.5epss 0.00

    OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist.

  • CVE-2016-6243MedMar 7, 2017
    risk 0.36cvss 5.5epss 0.00

    thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call.

  • CVE-2016-6239MedMar 7, 2017
    risk 0.36cvss 5.5epss 0.00

    The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value.