Vulnerabilities > Improper Input Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-23 | CVE-2016-7785 | Improper Input Validation vulnerability in Ffmpeg The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | 5.5 |
| 2016-12-22 | CVE-2016-9179 | Improper Input Validation vulnerability in Lynx lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. | 7.5 |
| 2016-12-20 | CVE-2016-7267 | Improper Input Validation vulnerability in Microsoft Excel 2010/2013/2016 Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." | 5.5 |
| 2016-12-20 | CVE-2016-7266 | Improper Input Validation vulnerability in Microsoft products Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability." | 7.8 |
| 2016-12-18 | CVE-2016-5193 | Improper Input Validation vulnerability in Google Chrome Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages. | 4.3 |
| 2016-12-18 | CVE-2016-5188 | Improper Input Validation vulnerability in Google Chrome Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages. | 4.3 |
| 2016-12-18 | CVE-2016-5187 | Improper Input Validation vulnerability in Google Chrome Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | 6.5 |
| 2016-12-17 | CVE-2016-9158 | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. | 7.5 |
| 2016-12-16 | CVE-2016-8822 | Improper Input Validation vulnerability in Nvidia GPU Driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000E, 0x600000F, and 0x6000010 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges. | 7.8 |
| 2016-12-16 | CVE-2016-8820 | Improper Input Validation vulnerability in Nvidia GPU Driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure. | 6.1 |