Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2016-07-23 CVE-2016-1706 Improper Input Validation vulnerability in Google Chrome
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.
network
low complexity
google CWE-20
critical
9.6
2016-07-22 CVE-2016-5874 Improper Input Validation vulnerability in Siemens Simatic NET Pc-Software 13
Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets.
network
low complexity
siemens CWE-20
7.5
2016-07-22 CVE-2016-5743 Improper Input Validation vulnerability in Siemens Simatic Batch and Simatic Wincc
Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.
network
low complexity
siemens CWE-20
critical
9.8
2016-07-22 CVE-2016-6224 Improper Input Validation vulnerability in multiple products
ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors.
local
low complexity
ecryptfs canonical CWE-20
3.3
2016-07-22 CVE-2015-8946 Improper Input Validation vulnerability in multiple products
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.
local
low complexity
canonical ecryptfs CWE-20
3.3
2016-07-22 CVE-2016-4641 Improper Input Validation vulnerability in Apple mac OS X
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion."
local
low complexity
apple CWE-20
7.3
2016-07-22 CVE-2016-4594 Improper Input Validation vulnerability in Apple products
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.
local
low complexity
apple CWE-20
7.8
2016-07-22 CVE-2016-4590 Improper Input Validation vulnerability in Apple Safari
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
low complexity
apple CWE-20
5.4
2016-07-19 CVE-2016-2775 Improper Input Validation vulnerability in multiple products
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
network
high complexity
hp isc fedoraproject redhat CWE-20
5.9
2016-07-15 CVE-2016-4372 Improper Input Validation vulnerability in HP products
HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
network
low complexity
hp CWE-20
critical
9.8