Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2016-01-15  CVE-2015-8688  Improper Input Validation vulnerability in Gajim
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.
Risk: 5.4 (network, low complexity); gajim; CWE-20

2016-01-14  CVE-2015-8605  Improper Input Validation vulnerability in multiple products
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
Risk: 6.5 (low complexity); sophos, isc, debian, canonical; CWE-20

2016-01-13  CVE-2016-1569  Improper Input Validation vulnerability in Firebirdsql Firebird 2.5.5
FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter.
Risk: 6.5 (network, low complexity); firebirdsql; CWE-20

2016-01-13  CVE-2016-1494  Improper Input Validation vulnerability in multiple products
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.
Risk: 5.3 (network, low complexity); python, fedoraproject, opensuse; CWE-20

2016-01-13  CVE-2015-8607  Improper Input Validation vulnerability in multiple products
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Risk: 7.3 (network, low complexity); canonical, perl, debian; CWE-20

2016-01-13  CVE-2015-8466  Improper Input Validation vulnerability in multiple products
Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.
Risk: 7.4 (network, high complexity); fedoraproject, openstack; CWE-20

2016-01-13  CVE-2016-0005  Improper Input Validation vulnerability in Microsoft Internet Explorer 10/11/9
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability."
Risk: 4.3 (network, low complexity); microsoft; CWE-20

2016-01-12  CVE-2015-7759  Improper Input Validation vulnerability in F5 products
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service (Traffic Management Microkernel (TMM) restart) via crafted ICMP packets, related to Path MTU (PMTU) discovery.
Risk: 3.7 (network, high complexity); f5; CWE-20

2016-01-11  CVE-2015-8331  Improper Input Validation vulnerability in Huawei Vcn500 V100R002C00Spc200B010
The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID.
Risk: 7.4 (network, high complexity); huawei; CWE-20

2016-01-08  CVE-2015-8760  Improper Input Validation vulnerability in Typo3
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."
Risk: 6.1 (network, low complexity); typo3; CWE-20