VYPR

CWE-345

Insufficient Verification of Data Authenticity

ClassDraft

Description

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-141 · CAPEC-142 · CAPEC-148 · CAPEC-218 · CAPEC-384 · CAPEC-385 · CAPEC-386 · CAPEC-387 · CAPEC-388 · CAPEC-665 · CAPEC-701

CVEs mapped to this weakness (306)

page 16 of 16
  • CVE-2014-8165Feb 19, 2015
    risk 0.00cvss epss 0.03

    scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.

  • CVE-2014-9194Jan 17, 2015
    risk 0.00cvss epss 0.01

    Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.

  • CVE-2014-4883Nov 28, 2014
    risk 0.00cvss epss 0.01

    resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed…

  • CVE-2014-2718Nov 4, 2014
    risk 0.00cvss epss 0.01

    ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle…

  • CVE-2014-0364Apr 30, 2014
    risk 0.00cvss epss 0.06

    The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.

  • CVE-2011-4314Jan 27, 2012
    risk 0.00cvss epss 0.03

    message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote…