Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-34006 | 2024-06-04 | N/A | ||
The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered. | ||||
CVE-2023-5770 | 1 Proofpoint | 1 Enterprise Protection | 2024-01-18 | 5.4 Medium |
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions. | ||||
CVE-2020-7292 | 1 Mcafee | 1 Web Gateway | 2023-11-07 | 4.3 Medium |
Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL. | ||||
CVE-2019-6110 | 4 Netapp, Openbsd, Siemens and 1 more | 9 Element Software, Ontap Select Deploy, Storage Automation Store and 6 more | 2023-02-23 | 6.8 Medium |
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. | ||||
CVE-2020-10996 | 1 Percona | 1 Xtradb Cluster | 2022-04-26 | 8.1 High |
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected. | ||||
CVE-2020-29135 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 4.1 Medium |
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). | ||||
CVE-2019-18981 | 1 Pimcore | 1 Pimcore | 2019-11-21 | 9.8 Critical |
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. | ||||
CVE-2018-9862 | 1 Hyper | 1 Runv | 2019-10-03 | N/A |
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697. |
Page 1 of 1.