Vulnerabilities > Improper Input Validation

DATE | CVE | VULNERABILITY TITLE | RISK

2016-02-04 | CVE-2016-1284 | Improper Input Validation vulnerability in ISC Bind 9.9.8 | 5.9
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.
network | high complexity | isc | CWE-20

2016-02-03 | CVE-2015-8747 | Improper Input Validation vulnerability in Radicale 1.0/1.0.1 | critical 10.0
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.
network | low complexity | radicale | CWE-20

2016-02-01 | CVE-2015-8265 | Improper Input Validation vulnerability in Huawei E5151 Firmware and E5186 Firmware | 7.5
Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors.
network | low complexity | huawei | CWE-20

2016-01-31 | CVE-2016-1942 | Improper Input Validation vulnerability in multiple products | 7.4
Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.
network | low complexity | opensuse, mozilla | CWE-20

2016-01-30 | CVE-2016-1303 | Improper Input Validation vulnerability in Cisco 500 Series Switch Firmware 1.2.0.92 | 7.5
The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.
network | low complexity | cisco | CWE-20

2016-01-29 | CVE-2016-0756 | Improper Input Validation vulnerability in Prosody | 5.3
The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix.
network | low complexity | prosody | CWE-20

2016-01-29 | CVE-2016-0754 | Improper Input Validation vulnerability in Haxx Curl | 5.3
cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.
network | low complexity | haxx | CWE-20

2016-01-27 | CVE-2016-1983 | Improper Input Validation vulnerability in Privoxy | 7.5
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
network | low complexity | privoxy | CWE-20

2016-01-27 | CVE-2016-1982 | Improper Input Validation vulnerability in Privoxy | 7.5
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
network | low complexity | privoxy | CWE-20

2016-01-25 | CVE-2016-1612 | Improper Input Validation vulnerability in Google Chrome | 7.6
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.
network | low complexity | google | CWE-20