Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2016-08-02 CVE-2016-6259 Improper Input Validation vulnerability in multiple products
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
local
low complexity
xen citrix CWE-20
6.2
2016-08-02 CVE-2016-6178 Improper Input Validation vulnerability in Huawei products
Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet.
network
low complexity
huawei CWE-20
critical
9.8
2016-08-02 CVE-2016-1712 Improper Input Validation vulnerability in Paloaltonetworks Pan-Os
Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation.
local
low complexity
paloaltonetworks CWE-20
7.8
2016-08-02 CVE-2016-3737 Improper Input Validation vulnerability in Redhat Jboss Operations Network
The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.
network
low complexity
redhat CWE-20
critical
9.8
2016-08-01 CVE-2016-5672 Improper Input Validation vulnerability in Intel Crosswalk 19.49.514.4
Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate.
network
low complexity
intel CWE-20
8.1
2016-08-01 CVE-2016-1461 Improper Input Validation vulnerability in Cisco Asyncos
Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932.
network
low complexity
cisco CWE-20
7.5
2016-07-28 CVE-2016-1463 Improper Input Validation vulnerability in Cisco Firesight System Software
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737.
network
low complexity
cisco CWE-20
7.5
2016-07-28 CVE-2016-1374 Improper Input Validation vulnerability in Cisco Unified Computing System Performance Manager
The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827.
network
low complexity
cisco CWE-20
8.8
2016-07-23 CVE-2016-5135 Improper Input Validation vulnerability in Google Chrome
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.
network
low complexity
google CWE-20
6.5
2016-07-23 CVE-2016-1707 Improper Input Validation vulnerability in Google Chrome
ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.
network
low complexity
google CWE-20
6.5