Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2016-08-08 CVE-2016-1478 Improper Input Validation vulnerability in Cisco IOS
Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many crafted NTP packets, aka Bug ID CSCva35619.
network
low complexity
cisco CWE-20
7.5
2016-08-08 CVE-2016-1430 Improper Input Validation vulnerability in Cisco products
Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592.
network
low complexity
cisco CWE-20
8.8
2016-08-07 CVE-2016-6515 Improper Input Validation vulnerability in multiple products
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
network
low complexity
openbsd fedoraproject CWE-20
7.5
2016-08-07 CVE-2016-5340 Improper Input Validation vulnerability in multiple products
The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.
local
low complexity
google linux CWE-20
7.8
2016-08-07 CVE-2014-9410 Improper Input Validation vulnerability in Linux Kernel
The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.
network
low complexity
linux CWE-20
critical
9.8
2016-08-07 CVE-2016-5141 Improper Input Validation vulnerability in Google Chrome
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.
network
low complexity
google CWE-20
7.5
2016-08-07 CVE-2016-5358 Improper Input Validation vulnerability in multiple products
epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
network
high complexity
wireshark oracle CWE-20
5.9
2016-08-07 CVE-2016-5357 Improper Input Validation vulnerability in multiple products
wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
network
high complexity
wireshark oracle CWE-20
5.9
2016-08-07 CVE-2016-5355 Improper Input Validation vulnerability in Wireshark
wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
network
high complexity
wireshark CWE-20
5.9
2016-08-07 CVE-2016-5353 Improper Input Validation vulnerability in Wireshark
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
network
high complexity
wireshark CWE-20
5.9