Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-05-05 | CVE-2016-3714 | Improper Input Validation vulnerability in multiple products. The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | 8.4 |
2016-05-03 | CVE-2016-0895 | Improper Input Validation vulnerability in EMC RSA Data Loss Prevention. EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. | 4.3 |
2016-05-02 | CVE-2015-8019 | Improper Input Validation vulnerability in Linux Kernel 3.14.54/3.18.22. The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call. | 7.8 |
2016-05-02 | CVE-2015-2672 | Improper Input Validation vulnerability in Linux Kernel. The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand. | 5.5 |
2016-05-02 | CVE-2008-7316 | Improper Input Validation vulnerability in Linux Kernel. mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. | 5.5 |
2016-05-01 | CVE-2016-4421 | Improper Input Validation vulnerability in Wireshark. epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. | 5.9 |
2016-05-01 | CVE-2016-4420 | Improper Input Validation vulnerability in Wireshark 2.0.0/2.0.1. The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.9 |
2016-04-28 | CVE-2016-0211 | Improper Input Validation vulnerability in IBM DB2 and DB2 Connect. IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message. | 4.3 |
2016-04-27 | CVE-2016-2549 | Improper Input Validation vulnerability in Linux Kernel. sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. | 6.2 |
2016-04-27 | CVE-2016-2548 | Improper Input Validation vulnerability in Linux Kernel. sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions. | 6.2 |