Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2016-07-15 CVE-2016-1450 Improper Input Validation vulnerability in Cisco Webex Meetings Server 2.6.0/2.6.1.39
Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715.
network
high complexity
cisco CWE-20
7.5
2016-07-13 CVE-2016-4974 Improper Input Validation vulnerability in Apache Amqp 0-X JMS Client and JMS Client Amqp
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.
network
high complexity
apache CWE-20
7.5
2016-07-12 CVE-2016-5009 Improper Input Validation vulnerability in Redhat products
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
network
low complexity
redhat CWE-20
6.5
2016-07-11 CVE-2016-3766 Improper Input Validation vulnerability in Google Android
MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not check whether memory allocation succeeds, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28471206.
network
low complexity
google CWE-20
7.5
2016-07-11 CVE-2016-3764 Improper Input Validation vulnerability in Google Android
media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive pointer information via a crafted application, aka internal bug 28377502.
local
low complexity
google CWE-20
4.0
2016-07-11 CVE-2016-3763 Improper Input Validation vulnerability in Google Android
net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919.
local
low complexity
google CWE-20
3.3
2016-07-11 CVE-2016-3757 Improper Input Validation vulnerability in Google Android
The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237.
local
high complexity
google CWE-20
7.0
2016-07-11 CVE-2016-3756 Improper Input Validation vulnerability in Google Android
Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28556125.
network
low complexity
google CWE-20
7.5
2016-07-11 CVE-2016-3755 Improper Input Validation vulnerability in Google Android 6.0/6.0.1
decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28470138.
network
low complexity
google CWE-20
7.5
2016-07-11 CVE-2016-3750 Improper Input Validation vulnerability in Google Android
libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted application, aka internal bug 28395952.
local
low complexity
google CWE-20
7.8