Explore CVEs related to Input Validation vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing Input Validation CVEs published in 2016. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2016-7952 | X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. | 7.5 | 2.31% | 2016-12-13 | 2026-06-16 |
| CVE-2016-7949 | Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. | 9.8 | 3.72% | 2016-12-13 | 2026-06-16 |
| CVE-2016-6712 | A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30593752. | 5.5 | 0.72% | 2016-12-13 | 2026-06-16 |
| CVE-2016-6711 | A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30593765. | 5.5 | 0.83% | 2016-12-13 | 2026-06-16 |
| CVE-2016-5691 | The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. | 9.8 | 5.45% | 2016-12-13 | 2026-06-16 |
| CVE-2016-9863 | An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected. | 7.5 | 1.94% | 2016-12-10 | 2026-06-16 |
| CVE-2016-9860 | An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | 5.9 | 1.93% | 2016-12-10 | 2026-06-16 |
| CVE-2016-9859 | An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | 5.3 | 2.19% | 2016-12-10 | 2026-06-16 |
| CVE-2016-9858 | An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | 5.3 | 2.26% | 2016-12-10 | 2026-06-16 |
| CVE-2016-6630 | An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | 6.5 | 2.09% | 2016-12-10 | 2026-06-16 |
| CVE-2016-6623 | An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | 6.5 | 1.66% | 2016-12-10 | 2026-06-16 |
| CVE-2016-6501 | JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. | 9.8 | 3.85% | 2016-12-09 | 2026-06-16 |
| CVE-2016-6496 | The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. | 9.8 | 4.71% | 2016-12-09 | 2026-06-16 |
| CVE-2016-9919 | The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet. | 7.5 | 5.67% | 2016-12-08 | 2026-06-16 |
| CVE-2015-8870 | Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. | 7.4 | 2.00% | 2016-12-06 | 2026-06-16 |
| CVE-2016-8740 | The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. | 7.5 | 79.07% | 2016-12-05 | 2026-06-16 |
| CVE-2016-9157 | A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP. | 9.8 | 3.26% | 2016-12-05 | 2026-06-16 |
| CVE-2016-9156 | A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP. | 7.3 | 1.51% | 2016-12-05 | 2026-06-16 |
| CVE-2016-3044 | The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. | 6.5 | 0.35% | 2016-12-01 | 2026-06-16 |
| CVE-2016-9564 | Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. | 7.5 | 1.44% | 2016-11-30 | 2026-06-16 |