Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2016-08-06 CVE-2014-9872 Improper Input Validation vulnerability in Google Android
The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721.
local
low complexity
google CWE-20
7.8
2016-08-06 CVE-2014-9866 Improper Input Validation vulnerability in Google Android
drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358.
local
low complexity
google CWE-20
7.8
2016-08-06 CVE-2014-9864 Improper Input Validation vulnerability in Google Android
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841.
local
low complexity
google CWE-20
7.8
2016-08-05 CVE-2016-3831 Improper Input Validation vulnerability in Google Android
The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a "Year 2038 problem."
network
low complexity
google CWE-20
7.5
2016-08-05 CVE-2016-3830 Improper Input Validation vulnerability in Google Android
codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599.
local
low complexity
google CWE-20
5.5
2016-08-05 CVE-2016-3826 Improper Input Validation vulnerability in Google Android
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553.
local
low complexity
google CWE-20
7.8
2016-08-05 CVE-2016-6148 Improper Input Validation vulnerability in SAP Hana 1.00.73.00.389160
SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136.
network
low complexity
sap CWE-20
7.5
2016-08-05 CVE-2016-5267 Improper Input Validation vulnerability in Mozilla Firefox
Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.
network
high complexity
mozilla CWE-20
5.3
2016-08-05 CVE-2016-5251 Improper Input Validation vulnerability in Mozilla Firefox
Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.
network
low complexity
mozilla CWE-20
4.3
2016-08-05 CVE-2016-2839 Improper Input Validation vulnerability in Mozilla Firefox
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.
network
low complexity
mozilla CWE-20
6.5