Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2016-02-17 CVE-2016-1334 Improper Input Validation vulnerability in Cisco Small Business Wireless Access Points Firmware 1.0.4.4
Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457.
network
low complexity
cisco CWE-20
5.3
2016-02-17 CVE-2016-1153 Improper Input Validation vulnerability in Cybozu Office 10.3.0/9.9.0
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489.
network
low complexity
cybozu CWE-20
6.5
2016-02-17 CVE-2015-8489 Improper Input Validation vulnerability in Cybozu Office
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153.
network
low complexity
cybozu CWE-20
6.5
2016-02-15 CVE-2015-5042 Improper Input Validation vulnerability in IBM Emptoris Contract Management
IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file.
network
low complexity
ibm CWE-20
7.5
2016-02-10 CVE-2016-0050 Improper Input Validation vulnerability in Microsoft Windows Server 2008 and Windows Server 2012
Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 misparses username queries, which allows remote attackers to cause a denial of service (RADIUS authentication outage) via crafted requests, aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability."
network
low complexity
microsoft CWE-20
5.3
2016-02-10 CVE-2016-0046 Improper Input Validation vulnerability in Microsoft Windows 10, Windows 8.1 and Windows Server 2012
Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted Reader file, aka "Microsoft Windows Reader Vulnerability."
local
low complexity
microsoft CWE-20
7.8
2016-02-10 CVE-2016-0044 Improper Input Validation vulnerability in Microsoft Windows 8.1, Windows RT 8.1 and Windows Server 2012
Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability."
network
low complexity
microsoft CWE-20
7.5
2016-02-10 CVE-2016-0037 Improper Input Validation vulnerability in Microsoft Windows Server 2012 R2
The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outage) via crafted data, aka "Microsoft Active Directory Federation Services Denial of Service Vulnerability."
network
low complexity
microsoft CWE-20
7.5
2016-02-08 CVE-2016-2089 Improper Input Validation vulnerability in Jasper Project Jasper 1.900.1
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
network
low complexity
jasper-project CWE-20
6.5
2016-02-08 CVE-2015-8360 Improper Input Validation vulnerability in Atlassian Bamboo
An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port.
network
low complexity
atlassian CWE-20
critical
9.8