Vulnerabilities > Improper Input Validation

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2020-01-28 | CVE-2019-4620 | Improper Input Validation vulnerability in IBM MQ Appliance | IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. | ibm | CWE-20 | local, low complexity, 7.8 |
| 2020-01-28 | CVE-2014-2914 | Improper Input Validation vulnerability in Fishshell Fish 2.0.0/2.1.0 | fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt. | fishshell | CWE-20 | network, low complexity, critical, 9.8 |
| 2020-01-28 | CVE-2013-2571 | Improper Input Validation vulnerability in Hcomm Xpient Iris 3.8 | Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer. | hcomm | CWE-20 | network, low complexity, critical, 9.8 |
| 2020-01-27 | CVE-2020-8087 | Improper Input Validation vulnerability in SMC D3G0804W Firmware D3Gnv5M3.5.1.6.10Ga | SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. | smc | CWE-20 | network, low complexity, critical, 9.8 |
| 2020-01-26 | CVE-2020-3139 | Improper Input Validation vulnerability in Cisco Application Policy Infrastructure Controller | A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. | cisco | CWE-20 | network, low complexity, 5.3 |
| 2020-01-26 | CVE-2020-3134 | Improper Input Validation vulnerability in Cisco Email Security Appliance | A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | cisco | CWE-20 | network, low complexity, 6.5 |
| 2020-01-26 | CVE-2019-16029 | Improper Input Validation vulnerability in Cisco Smart Software Manager On-Prem 5.0/5.1.0/6.3.0 | A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. | cisco | CWE-20 | network, low complexity, critical, 9.1 |
| 2020-01-26 | CVE-2019-16027 | Improper Input Validation vulnerability in Cisco IOS XR | A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. | cisco | CWE-20 | network, low complexity, 6.5 |
| 2020-01-26 | CVE-2019-16026 | Improper Input Validation vulnerability in Cisco Staros | A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. | cisco | CWE-20 | network, high complexity, 5.9 |
| 2020-01-26 | CVE-2019-16005 | Improper Input Validation vulnerability in Cisco Collaboration Meeting Rooms and Webex Video Mesh | A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. | cisco | CWE-20 | network, low complexity, 7.2 |