Vulnerabilities > Improper Encoding or Escaping of Output

DATE CVE VULNERABILITY TITLE RISK
2019-05-16 CVE-2019-0956 Improper Encoding or Escaping of Output vulnerability in Microsoft products
An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'.
network
low complexity
microsoft CWE-116
6.5
2019-05-06 CVE-2019-10249 Improper Encoding or Escaping of Output vulnerability in Eclipse Xtend and Xtext
All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.
network
high complexity
eclipse CWE-116
8.1
2019-04-09 CVE-2019-0857 Improper Encoding or Escaping of Output vulnerability in Microsoft Azure DevOps Server 2019
A spoofing vulnerability that could allow a security feature bypass exists when Azure DevOps Server does not properly sanitize user-provided input, aka 'Azure DevOps Server Spoofing Vulnerability'.
network
low complexity
microsoft CWE-116
6.5
2019-01-31 CVE-2019-6109 Improper Encoding or Escaping of Output vulnerability in multiple products
An issue was discovered in OpenSSH 7.9.
6.8
2018-12-24 CVE-2018-8920 Improper Encoding or Escaping of Output vulnerability in Synology Diskstation Manager
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.
network
low complexity
synology CWE-116
7.2
2018-11-14 CVE-2018-8609 Improper Encoding or Escaping of Output vulnerability in Microsoft Dynamics 365 8.0/8.2
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365.
network
low complexity
microsoft CWE-116
8.8
2018-08-18 CVE-2018-15494 Improper Encoding or Escaping of Output vulnerability in multiple products
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
network
low complexity
dojotoolkit debian CWE-116
critical
9.8
2018-06-08 CVE-2018-9246 Improper Encoding or Escaping of Output vulnerability in multiple products
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function.
network
low complexity
pgobject-util-dbadmin-project ledgersmb CWE-116
critical
9.8
2018-02-19 CVE-2009-4267 Improper Encoding or Escaping of Output vulnerability in Apache jUDDI 3.0.0
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.
network
low complexity
apache CWE-116
6.5
2018-02-14 CVE-2018-2389 Improper Encoding or Escaping of Output vulnerability in SAP Internet Graphics Server
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.
network
low complexity
sap CWE-116
5.7