Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-12 | CVE-2017-14344 | Improper Input Validation vulnerability in Jungo Windriver. This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. | 7.8 |
2017-09-12 | CVE-2017-14335 | Improper Input Validation vulnerability in Hbgk products. On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. | 7.5 |
2017-09-10 | CVE-2017-14231 | Improper Input Validation vulnerability in Genixcms. GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php. | 5.3 |
2017-09-10 | CVE-2017-14230 | Improper Input Validation vulnerability in Cyrus Imap. In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command. | 9.1 |
2017-09-08 | CVE-2016-5759 | Improper Input Validation vulnerability in multiple products. The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. | 7.8 |
2017-09-07 | CVE-2017-6795 | Improper Input Validation vulnerability in Cisco IOS XE. A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. | 4.4 |
2017-09-07 | CVE-2017-6792 | Improper Input Validation vulnerability in Cisco Prime Collaboration Provisioning. A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. | 6.5 |
2017-09-07 | CVE-2017-12223 | Improper Input Validation vulnerability in Cisco Ir800 Integrated Services Router Firmware. A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. | 6.4 |
2017-09-07 | CVE-2017-12218 | Improper Input Validation vulnerability in Cisco Asyncos. A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. | 5.8 |
2017-09-07 | CVE-2017-12217 | Improper Input Validation vulnerability in Cisco ASR 5500 Firmware. A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. | 5.3 |