Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-07-11 | CVE-2016-3743 | Improper Input Validation vulnerability in Google Android 6.0/6.0.1 decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656. | 9.8 |
2016-07-11 | CVE-2016-3742 | Improper Input Validation vulnerability in Google Android 6.0/6.0.1 decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659. | 9.8 |
2016-07-11 | CVE-2016-3741 | Improper Input Validation vulnerability in Google Android 6.0/6.0.1 The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661. | 9.8 |
2016-07-08 | CVE-2016-4324 | Improper Input Validation vulnerability in multiple products Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. | 7.8 |
2016-07-07 | CVE-2016-1444 | Improper Input Validation vulnerability in Cisco products The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. | 6.5 |
2016-07-07 | CVE-2016-1442 | Improper Input Validation vulnerability in Cisco Prime Infrastructure 3.0/3.1 The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280. | 8.8 |
2016-07-06 | CVE-2016-6170 | Improper Input Validation vulnerability in multiple products ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. | 6.5 |
2016-07-04 | CVE-2016-4465 | Improper Input Validation vulnerability in Apache Struts The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field. | 5.3 |
2016-07-04 | CVE-2016-4438 | Improper Input Validation vulnerability in Apache Struts The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. | 9.8 |
2016-07-04 | CVE-2016-4433 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request. | 7.5 |