VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 95 of 401
  • CVE-2016-10464HigApr 18, 2018
    risk 0.49cvss 7.5epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574AU, QCA9377, SD 210/SD 212/SD 205, SD 425, SD 600, SD 650/52, SD 808, SD 810, SD 820, and SDX20, lack of input…

  • CVE-2015-9193HigApr 18, 2018
    risk 0.49cvss 7.5epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD…

  • CVE-2015-9131HigApr 18, 2018
    risk 0.49cvss 7.5epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, lack of input validation in qsee can lead to unauthorized memory access.

  • CVE-2014-9986HigApr 18, 2018
    risk 0.49cvss 7.5epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810,…

  • CVE-2018-5510HigApr 13, 2018
    risk 0.49cvss 7.5epss 0.01

    On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing a specific sequence of packets on IPv6 virtual servers.

  • CVE-2017-6148HigApr 13, 2018
    risk 0.49cvss 7.5epss 0.01

    Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server.…

  • CVE-2018-0020HigApr 11, 2018
    risk 0.49cvss 7.5epss 0.01

    Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing process daemon (rpd) crash and restart. Receipt of a repeated malformed BGP UPDATEs can result in an extended denial of service condition for the device. This malformed BGP UPDATE does…

  • CVE-2018-0017HigApr 11, 2018
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the Network Address Translation - Protocol Translation (NAT-PT) feature of Junos OS on SRX series devices may allow a certain valid IPv6 packet to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service…

  • CVE-2017-1081HigApr 10, 2018
    risk 0.49cvss 7.5epss 0.03

    In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling.

  • CVE-2016-10235HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.01

    A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409.

  • CVE-2017-13302HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.00

    A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-69969749.

  • CVE-2017-13301HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.00

    A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711.

  • CVE-2017-13300HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.00

    A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394.

  • CVE-2018-9262HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.

  • CVE-2018-9260HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.

  • CVE-2018-9259HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.

  • CVE-2018-9258HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.

  • CVE-2018-9256HigApr 4, 2018
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.

  • CVE-2018-8779HigApr 3, 2018
    risk 0.49cvss 7.5epss 0.07

    In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.

  • CVE-2018-8049HigApr 3, 2018
    risk 0.49cvss 7.5epss 0.01

    The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets.