VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (6,893)

page 243 of 345
  • CVE-2014-6429Sep 20, 2014
    Wireshark
    Wireshark
    risk 0.00cvss epss 0.02

    The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a…

  • CVE-2014-3379Sep 20, 2014
    Cisco Systems, Inc.
    iOS Xr
    risk 0.00cvss epss 0.01

    Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (NPU and card hang or reload) via a malformed MPLS packet, aka Bug ID CSCuq10466.

  • CVE-2014-3378Sep 20, 2014
    Cisco Systems, Inc.
    iOS Xr
    risk 0.00cvss epss 0.01

    tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468.

  • CVE-2014-3377Sep 20, 2014
    Cisco Systems, Inc.
    iOS Xr
    risk 0.00cvss epss 0.01

    snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791.

  • CVE-2014-3376Sep 20, 2014
    Cisco Systems, Inc.
    iOS Xr
    risk 0.00cvss epss 0.01

    Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031.

  • CVE-2014-4416Sep 19, 2014
    Apple Inc.
    OS X
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4401Sep 19, 2014
    Apple Inc.
    OS X
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4400Sep 19, 2014
    Apple Inc.
    OS X
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4399Sep 19, 2014
    Apple Inc.
    OS X
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4398Sep 19, 2014
    Apple Inc.
    OS X
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4397Sep 19, 2014
    Apple Inc.
    OS X
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4396Sep 19, 2014
    Apple Inc.
    OS X
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4395Sep 19, 2014
    Apple Inc.
    OS X
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4394Sep 19, 2014
    Apple Inc.
    OS X
    risk 0.00cvss epss 0.00

    An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability…

  • CVE-2014-4390Sep 19, 2014
    Apple Inc.
    OS X
    risk 0.00cvss epss 0.01

    Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

  • CVE-2014-4383Sep 18, 2014
    Apple Inc.
    iOS
    risk 0.00cvss epss 0.01

    The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.

  • CVE-2014-3796Sep 15, 2014
    VMware
    Nsx
    risk 0.00cvss epss 0.00

    VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors.

  • CVE-2014-3348Sep 10, 2014
    Cisco Systems, Inc.
    Unified Computing System
    risk 0.00cvss epss 0.02

    The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206.

  • CVE-2014-3343Sep 10, 2014
    Cisco Systems, Inc.
    iOS Xr
    risk 0.00cvss epss 0.01

    Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052.

  • CVE-2014-6029Sep 5, 2014
    Torrentflux
    Torrentflux
    risk 0.00cvss epss 0.01

    TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php.