VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 71 of 401
  • CVE-2018-5085HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.

  • CVE-2018-5084HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C.

  • CVE-2018-5083HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B.

  • CVE-2018-5082HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.

  • CVE-2018-5081HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.

  • CVE-2018-5080HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.

  • CVE-2018-5079HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.

  • CVE-2017-13858HigDec 25, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2017-13848HigDec 25, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2017-17805HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.00

    The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free…

  • CVE-2017-14968HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.00

    In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113.

  • CVE-2017-14967HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.00

    In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080.

  • CVE-2017-14966HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.00

    In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c0.

  • CVE-2017-14965HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.00

    In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000cc.

  • CVE-2017-14964HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.00

    In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c.

  • CVE-2017-14963HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.00

    In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058.

  • CVE-2017-17804HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.00

    In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000084.

  • CVE-2017-17803HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.00

    In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82736068, a different vulnerability than CVE-2017-17475.

  • CVE-2017-17802HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.00

    In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E080.

  • CVE-2017-17801HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.00

    In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E060.