Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-08-02 | CVE-2016-6259 | Improper Input Validation vulnerability in multiple products Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. | 6.2 |
2016-08-02 | CVE-2016-6178 | Improper Input Validation vulnerability in Huawei products Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet. | 9.8 |
2016-08-02 | CVE-2016-1712 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation. | 7.8 |
2016-08-02 | CVE-2016-3737 | Improper Input Validation vulnerability in Redhat Jboss Operations Network The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. | 9.8 |
2016-08-01 | CVE-2016-5672 | Improper Input Validation vulnerability in Intel Crosswalk 19.49.514.4 Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate. | 8.1 |
2016-08-01 | CVE-2016-1461 | Improper Input Validation vulnerability in Cisco Asyncos Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932. | 7.5 |
2016-07-28 | CVE-2016-1463 | Improper Input Validation vulnerability in Cisco Firesight System Software Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737. | 7.5 |
2016-07-28 | CVE-2016-1374 | Improper Input Validation vulnerability in Cisco Unified Computing System Performance Manager The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827. | 8.8 |
2016-07-23 | CVE-2016-5135 | Improper Input Validation vulnerability in Google Chrome WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element. | 6.5 |
2016-07-23 | CVE-2016-1707 | Improper Input Validation vulnerability in Google Chrome ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site. | 6.5 |