VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 74 of 401
  • CVE-2017-0676HigJul 6, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34896431.

  • CVE-2017-0675HigJul 6, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227.

  • CVE-2017-0674HigJul 6, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231163.

  • CVE-2017-0667HigJul 6, 2017
    risk 0.51cvss 7.8epss 0.00

    A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37478824.

  • CVE-2017-0665HigJul 6, 2017
    risk 0.51cvss 7.8epss 0.00

    A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414.

  • CVE-2017-7369HigJun 13, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption.

  • CVE-2016-10338HigJun 13, 2017
    risk 0.51cvss 7.8epss 0.01

    In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing.

  • CVE-2015-9033HigJun 13, 2017
    risk 0.51cvss 7.8epss 0.01

    In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer.

  • CVE-2014-9965HigJun 13, 2017
    risk 0.51cvss 7.8epss 0.01

    In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call.

  • CVE-2014-9962HigJun 13, 2017
    risk 0.51cvss 7.8epss 0.01

    In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command.

  • CVE-2017-6638HigJun 8, 2017
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to…

  • CVE-2017-2535HigMay 22, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Security" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (resource consumption) via a crafted app.

  • CVE-2017-6650HigMay 22, 2017
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of…

  • CVE-2017-6649HigMay 22, 2017
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An…

  • CVE-2017-9043HigMay 18, 2017
    risk 0.51cvss 7.8epss 0.02

    readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.

  • CVE-2014-9933HigMay 16, 2017
    risk 0.51cvss 7.8epss 0.01

    Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access.

  • CVE-2016-4838HigMay 12, 2017
    risk 0.51cvss 7.8epss 0.01

    The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for…

  • CVE-2017-0350HigMay 9, 2017
    risk 0.51cvss 7.8epss 0.00

    All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges.

  • CVE-2017-0346HigMay 9, 2017
    risk 0.51cvss 7.8epss 0.00

    All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.

  • CVE-2017-7721HigApr 30, 2017
    risk 0.51cvss 7.8epss 0.02

    IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file.