Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2016-07-11 CVE-2016-3743 Improper Input Validation vulnerability in Google Android 6.0/6.0.1
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656.
network
low complexity
google CWE-20
critical
9.8
2016-07-11 CVE-2016-3742 Improper Input Validation vulnerability in Google Android 6.0/6.0.1
decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659.
network
low complexity
google CWE-20
critical
9.8
2016-07-11 CVE-2016-3741 Improper Input Validation vulnerability in Google Android 6.0/6.0.1
The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661.
network
low complexity
google CWE-20
critical
9.8
2016-07-08 CVE-2016-4324 Improper Input Validation vulnerability in multiple products
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.
local
low complexity
debian libreoffice canonical CWE-20
7.8
2016-07-07 CVE-2016-1444 Improper Input Validation vulnerability in Cisco products
The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.
network
low complexity
cisco CWE-20
6.5
2016-07-07 CVE-2016-1442 Improper Input Validation vulnerability in Cisco Prime Infrastructure 3.0/3.1
The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280.
network
low complexity
cisco CWE-20
8.8
2016-07-06 CVE-2016-6170 Improper Input Validation vulnerability in multiple products
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.
network
low complexity
isc redhat CWE-20
6.5
2016-07-04 CVE-2016-4465 Improper Input Validation vulnerability in Apache Struts
The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.
network
low complexity
apache CWE-20
5.3
2016-07-04 CVE-2016-4438 Improper Input Validation vulnerability in Apache Struts
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
network
low complexity
apache CWE-20
critical
9.8
2016-07-04 CVE-2016-4433 Improper Input Validation vulnerability in Apache Struts
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.
network
low complexity
apache CWE-20
7.5