Vulnerabilities > Improper Input Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-20 | CVE-2016-3739 | Improper Input Validation vulnerability in Haxx Curl The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate. | 5.3 |
| 2016-05-20 | CVE-2015-7558 | Improper Input Validation vulnerability in multiple products librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. | 7.5 |
| 2016-05-20 | CVE-2015-7557 | Improper Input Validation vulnerability in Gnome Librsvg The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. | 7.5 |
| 2016-05-20 | CVE-2016-4072 | Improper Input Validation vulnerability in multiple products The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c. | 9.8 |
| 2016-05-20 | CVE-2016-4071 | Improper Input Validation vulnerability in multiple products Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. | 9.8 |
| 2016-05-20 | CVE-2016-1843 | Improper Input Validation vulnerability in Apple mac OS X The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors. | 7.5 |
| 2016-05-20 | CVE-2016-1800 | Improper Input Validation vulnerability in Apple mac OS X Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. | 8.8 |
| 2016-05-17 | CVE-2016-4425 | Improper Input Validation vulnerability in Jansson Project Jansson Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data. | 7.5 |
| 2016-05-17 | CVE-2016-3705 | Improper Input Validation vulnerability in multiple products The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. | 7.5 |
| 2016-05-16 | CVE-2016-3185 | Improper Input Validation vulnerability in PHP The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c. | 7.1 |