Vulnerabilities > Improper Encoding or Escaping of Output
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-24 | CVE-2018-1048 | Improper Encoding or Escaping of Output vulnerability in Redhat Jboss Enterprise Application Platform 7.1.0: It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows the slash / anti-slash characters encoded in the URL, which may lead to path traversal and result in the information disclosure of arbitrary local files. | 7.5 |
2017-11-30 | CVE-2017-12340 | Improper Encoding or Escaping of Output vulnerability in Cisco Nx-Os 8.1(0.70)S0: A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. | 4.2 |
2017-08-01 | CVE-2017-12064 | Improper Encoding or Escaping of Output vulnerability in Open-Emr Openemr 5.0.0: The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name. | 7.5 |
2017-05-05 | CVE-2017-8303 | Improper Encoding or Escaping of Output vulnerability in Accellion File Transfer Appliance 80540/911200/911210: An issue was discovered on Accellion FTA devices before FTA_9_12_180. | 9.8 |
2017-03-20 | CVE-2014-9938 | Improper Encoding or Escaping of Output vulnerability in Git-Scm GIT: contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. | 8.8 |
2017-02-13 | CVE-2016-2568 | Improper Encoding or Escaping of Output vulnerability in multiple products: pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | 7.8 |
2017-02-07 | CVE-2016-3063 | Improper Encoding or Escaping of Output vulnerability in Netapp Oncommand System Manager: Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. | 7.5 |