Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2016-08-31 CVE-2016-5675 Improper Input Validation vulnerability in multiple products
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
network
low complexity
netgear nuuo CWE-20
critical
9.8
2016-08-31 CVE-2016-5674 Improper Input Validation vulnerability in multiple products
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
network
low complexity
netgear nuuo CWE-20
critical
9.8
2016-08-23 CVE-2016-1484 Improper Input Validation vulnerability in Cisco Webex Meetings Server 2.6.0/2.6.1.39
Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724.
network
low complexity
cisco CWE-20
7.5
2016-08-22 CVE-2016-6361 Improper Input Validation vulnerability in Cisco Aironet Access Point Software
The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288.
low complexity
cisco CWE-20
6.5
2016-08-22 CVE-2016-1479 Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1)
Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038.
network
low complexity
cisco CWE-20
7.5
2016-08-18 CVE-2016-1365 Improper Input Validation vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.10
The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507.
network
low complexity
cisco CWE-20
8.8
2016-08-09 CVE-2016-3304 Improper Input Validation vulnerability in Microsoft products
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3303.
local
low complexity
microsoft CWE-20
7.8
2016-08-09 CVE-2016-3303 Improper Input Validation vulnerability in Microsoft products
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3304.
local
low complexity
microsoft CWE-20
7.8
2016-08-09 CVE-2016-3301 Improper Input Validation vulnerability in Microsoft products
The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability."
local
low complexity
microsoft CWE-20
7.8
2016-08-08 CVE-2016-0281 Improper Input Validation vulnerability in IBM AIX and Vios
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.
network
high complexity
ibm CWE-20
3.7