Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2016-09-14 CVE-2016-3292 Improper Input Validation vulnerability in Microsoft Internet Explorer 10/11
Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
network
high complexity
microsoft CWE-20
5.0
2016-09-12 CVE-2016-6399 Improper Input Validation vulnerability in Cisco products
Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317.
network
low complexity
cisco CWE-20
7.5
2016-09-12 CVE-2016-6396 Improper Input Validation vulnerability in Cisco Firesight System Software
Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482.
network
low complexity
cisco CWE-20
5.3
2016-09-12 CVE-2016-4852 Improper Input Validation vulnerability in Aki-Null Yorufukurou
YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-tone modifiers even though this support is missing from the CoreText CTFramesetter API on OS X 10.9, which allows remote attackers to cause a denial of service (application crash) via a crafted emoji character sequence.
network
low complexity
aki-null CWE-20
6.5
2016-09-12 CVE-2016-7129 Improper Input Validation vulnerability in PHP
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.
network
low complexity
php CWE-20
critical
9.8
2016-09-09 CVE-2016-1277 Improper Input Validation vulnerability in Juniper Junos
Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R6, 15.1 before 15.1F6 or 15.1R3, and 15.1X49 before 15.1X49-D40, when configured with a GRE or IPIP tunnel, allow remote attackers to cause a denial of service (kernel panic) via a crafted ICMP packet.
network
high complexity
juniper CWE-20
5.9
2016-09-09 CVE-2016-1263 Improper Input Validation vulnerability in Juniper Junos
Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9-S1, 14.1 before 14.1R7, 14.2 before 14.2R6, 15.1 before 15.1F2-S5, 15.1F4 before 15.1F4-S2, 15.1R before 15.1R2-S3, 15.1 before 15.1R3, and 15.1X49 before 15.1X49-D40 allow remote attackers to cause a denial of service (kernel crash) via a crafted UDP packet destined to the interface IP address of a 64-bit OS device.
network
low complexity
juniper CWE-20
7.5
2016-09-03 CVE-2016-1464 Improper Input Validation vulnerability in Cisco Webex WRF Player T29 Sp10Base
Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.
local
low complexity
cisco CWE-20
7.8
2016-09-02 CVE-2016-5879 Improper Input Validation vulnerability in IBM MQ Appliance Firmware 8.0
MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command.
local
low complexity
ibm CWE-20
8.8
2016-09-02 CVE-2016-1472 Improper Input Validation vulnerability in Cisco Small Business 220 Series Smart Plus Switches 1.0.0.17/1.0.0.18/1.0.0.19
The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238.
network
low complexity
cisco CWE-20
7.5