VYPR

CWE-20

Improper Input Validation

Class · Stable · Likelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (5,727)

  • CVE-2017-7613 · Med · Apr 9, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

  • CVE-2017-7609 · Med · Apr 9, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

  • CVE-2016-8758 · Med · Apr 2, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart).

  • CVE-2016-8756 · Med · Apr 2, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart).

  • CVE-2015-7847 · Med · Apr 2, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack.

  • CVE-2017-6974 · Med · Apr 2, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app.

  • CVE-2017-7346 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.

  • CVE-2014-9815 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.

  • CVE-2014-9813 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.

  • CVE-2014-9811 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.

  • CVE-2014-9810 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.

  • CVE-2014-9809 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.

  • CVE-2014-9808 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.

  • CVE-2014-9806 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file.

  • CVE-2014-9805 · Med · Mar 30, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.

  • CVE-2017-7262 · Med · Mar 25, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite.

  • CVE-2017-7261 · Med · Mar 24, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.

  • CVE-2015-8678 · Med · Mar 24, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows remote attackers to cause a denial of service (crash) via a crafted application.

  • CVE-2016-9395 · Med · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.

  • CVE-2016-9394 · Med · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.