Vulnerabilities > Improper Input Validation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-22 | CVE-2018-15632 | Improper Input Validation vulnerability in Odoo Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials. | 9.1 |
| 2020-12-21 | CVE-2020-3999 | Improper Input Validation vulnerability in VMWare Esxi, Fusion and Workstation VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. | 6.5 |
| 2020-12-18 | CVE-2020-27154 | Improper Input Validation vulnerability in Mitel Businesscti Enterprise 6.4.10/7.0.0/7.0.2 The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due to improper input validation. | 8.8 |
| 2020-12-18 | CVE-2020-25611 | Improper Input Validation vulnerability in Mitel Micollab The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. | 6.1 |
| 2020-12-18 | CVE-2020-25606 | Improper Input Validation vulnerability in Mitel Micollab The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS. | 6.1 |
| 2020-12-18 | CVE-2020-7838 | Improper Input Validation vulnerability in Onstove Stove 0.0.4.10/0.0.4.71 A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. | 8.8 |
| 2020-12-17 | CVE-2020-12521 | Improper Input Validation vulnerability in Phoenixcontact Plcnext Firmware On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. | 6.5 |
| 2020-12-17 | CVE-2020-15293 | Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection 1.132.2 Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions. | 5.5 |
| 2020-12-17 | CVE-2020-15292 | Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection 1.132.0 Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations. | 5.5 |
| 2020-12-15 | CVE-2020-25195 | Improper Input Validation vulnerability in Hosteng products The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device. | 7.5 |