Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-29 | CVE-2017-9303 | Improper Input Validation vulnerability in Laravel 5.4.0: Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host. | 6.1 |
2017-05-29 | CVE-2017-9263 | Improper Input Validation vulnerability in Openvswitch 2.7.0: In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the `abort()` function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. | 6.5 |
2017-05-27 | CVE-2017-9242 | Improper Input Validation vulnerability in Linux Kernel: The `__ip6_append_data` function in `net/ipv6/ip6_output.c` in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. | 5.5 |
2017-05-27 | CVE-2017-3134 | Improper Input Validation vulnerability in Fortinet Fortiwlc-Sd: An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows an attacker to gain root access via the CLI command 'copy running-config'. | 7.2 |
2017-05-26 | CVE-2017-9034 | Improper Input Validation vulnerability in Trendmicro Serverprotect 3.0: Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates. | 9.8 |
2017-05-25 | CVE-2016-2165 | Improper Input Validation vulnerability in multiple products: The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 and 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. | 6.5 |
2017-05-23 | CVE-2017-0373 | Improper Input Validation vulnerability in Config-Model Project Config-Model: The `gen_class_pod` implementation in `lib/Config/Model/Utils/GenClassPod.pm` in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file. | 7.3 |
2017-05-23 | CVE-2017-9188 | Improper Input Validation vulnerability in Autotrace Project Autotrace 0.31.1: `libautotrace.a` in AutoTrace 0.31.1 has a "left shift ... | 9.8 |
2017-05-23 | CVE-2016-5178 | Improper Input Validation vulnerability in multiple products: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.8 |
2017-05-23 | CVE-2015-5401 | Improper Input Validation vulnerability in Teradata Express and Teradata Gateway: Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message. | 7.5 |