Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2017-07-11 CVE-2017-8566 Improper Input Validation vulnerability in Microsoft Windows 10 and Windows Server 2016
Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability".
local | high complexity | microsoft | CWE-20 | 7.0

2017-07-11 CVE-2017-7730 Improper Input Validation vulnerability in Ismartalarm Cubeone Firmware
iSmartAlarm cube devices allow Denial of Service.
network | low complexity | ismartalarm | CWE-20 | 7.5

2017-07-10 CVE-2017-6735 Improper Input Validation vulnerability in Cisco Firesight System Software 6.2.0/6.2.1
A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system.
local | low complexity | cisco | CWE-20 | 6.7

2017-07-10 CVE-2017-6727 Improper Input Validation vulnerability in Cisco Wide Area Application Services 6.2(3A)
A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files.
network | low complexity | cisco | CWE-20 | 5.3

2017-07-10 CVE-2017-9791 Improper Input Validation vulnerability in Apache Struts
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
network | low complexity | apache | CWE-20 | critical | 9.8

2017-07-10 CVE-2016-10397 Improper Input Validation vulnerability in PHP
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).
network | low complexity | php | CWE-20 | 7.5

2017-07-08 CVE-2017-11112 Improper Input Validation vulnerability in GNU Ncurses 6.0
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c.
network | low complexity | gnu | CWE-20 | 7.5

2017-07-08 CVE-2017-11104 Improper Input Validation vulnerability in multiple products
Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check.
network | high complexity | knot-dns debian | CWE-20 | 5.9

2017-07-07 CVE-2017-11102 Improper Input Validation vulnerability in Graphicsmagick 1.3.26
The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.
network | low complexity | graphicsmagick | CWE-20 | 7.5

2017-07-07 CVE-2017-11099 Improper Input Validation vulnerability in Swftools 0.9.2
When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c.
network | low complexity | swftools | CWE-20 | 8.8