Vulnerabilities > Improper Input Validation

DATE CVE VULNERABILITY TITLE RISK
2016-06-30 CVE-2016-5301 Improper Input Validation vulnerability in multiple products
The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast.
network
low complexity
opensuse arvidn CWE-20
7.5
2016-06-30 CVE-2015-8899 Improper Input Validation vulnerability in multiple products
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
network
low complexity
canonical thekelleys CWE-20
7.5
2016-06-30 CVE-2016-5840 Improper Input Validation vulnerability in Trend Micro Deep Discovery Inspector 3.7/3.81/3.82
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
network
low complexity
trend-micro CWE-20
7.2
2016-06-27 CVE-2016-5828 Improper Input Validation vulnerability in multiple products
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
local
low complexity
linux novell debian canonical CWE-20
7.8
2016-06-25 CVE-2016-4825 Improper Input Validation vulnerability in Welcart E-Commerce
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.
network
high complexity
welcart CWE-20
5.6
2016-06-23 CVE-2016-1434 Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1)
The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.
network
low complexity
cisco CWE-20
6.5
2016-06-19 CVE-2016-4530 Improper Input Validation vulnerability in OSIsoft PI SQL Data Access Server 2016 1.5
OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message.
network
low complexity
osisoft CWE-20
6.5
2016-06-19 CVE-2016-4518 Improper Input Validation vulnerability in OSIsoft PI AF Server 2016
OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message.
network
low complexity
osisoft CWE-20
6.5
2016-06-19 CVE-2016-1395 Improper Input Validation vulnerability in Cisco products
The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.
network
low complexity
cisco CWE-20
critical
9.8
2016-06-17 CVE-2016-5433 Improper Input Validation vulnerability in Citrix iOS Receiver 6.1.5
Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors.
local
low complexity
citrix CWE-20
6.1