Vulnerabilities > Improper Input Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-07 | CVE-2016-1563 | Improper Input Validation vulnerability in Netapp Clustered Data Ontap 8.3.1 NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.8 |
| 2016-04-06 | CVE-2016-1291 | Improper Input Validation vulnerability in multiple products Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192. | 9.8 |
| 2016-04-01 | CVE-2016-1345 | Improper Input Validation vulnerability in Cisco products Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726. | 7.5 |
| 2016-03-24 | CVE-2016-1763 | Improper Input Validation vulnerability in Apple Iphone OS Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread. | 3.5 |
| 2016-03-24 | CVE-2016-1752 | Improper Input Validation vulnerability in Apple products The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app. | 5.5 |
| 2016-03-24 | CVE-2016-1747 | Improper Input Validation vulnerability in Apple mac OS X IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746. | 7.8 |
| 2016-03-24 | CVE-2016-1746 | Improper Input Validation vulnerability in Apple mac OS X IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747. | 7.8 |
| 2016-03-24 | CVE-2016-1733 | Improper Input Validation vulnerability in Apple mac OS X AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 7.8 |
| 2016-03-24 | CVE-2015-7551 | Improper Input Validation vulnerability in multiple products The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. | 8.4 |
| 2016-03-22 | CVE-2016-1998 | Improper Input Validation vulnerability in HP Service Manager HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 9.8 |