Vulnerabilities > Improper Input Validation
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2016-03-03 | CVE-2015-6260 | Improper Input Validation vulnerability in Zyxel Gs1900-10Hp Firmware 2.40 | Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645. | 7.5 |
2016-03-01 | CVE-2016-2562 | Improper Input Validation vulnerability in phpMyAdmin | The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate. | 6.8 |
2016-02-28 | CVE-2016-2528 | Improper Input Validation vulnerability in Wireshark 2.0.0/2.0.1 | The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. | 5.9 |
2016-02-28 | CVE-2016-2527 | Improper Input Validation vulnerability in Wireshark 2.0.0/2.0.1 | wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. | 5.5 |
2016-02-28 | CVE-2016-2526 | Improper Input Validation vulnerability in Wireshark 2.0.0/2.0.1 | epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | 5.9 |
2016-02-28 | CVE-2016-2525 | Improper Input Validation vulnerability in Wireshark 2.0.0/2.0.1 | epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. | 5.9 |
2016-02-28 | CVE-2016-2524 | Improper Input Validation vulnerability in Wireshark 2.0.0/2.0.1 | epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.9 |
2016-02-27 | CVE-2016-2572 | Improper Input Validation vulnerability in Squid-Cache Squid | http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | 7.5 |
2016-02-27 | CVE-2016-2571 | Improper Input Validation vulnerability in Squid-Cache Squid | http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | 7.5 |
2016-02-27 | CVE-2016-2570 | Improper Input Validation vulnerability in Squid-Cache Squid | The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. | 7.5 |