Vulnerabilities > Improper Encoding or Escaping of Output

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2024-4099 Improper Encoding or Escaping of Output vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1.
network
low complexity
gitlab CWE-116
5.3
2024-09-20 CVE-2024-45808 Improper Encoding or Escaping of Output vulnerability in Envoyproxy Envoy
Envoy is a cloud-native high-performance edge/middle/service proxy.
network
low complexity
envoyproxy CWE-116
6.5
2024-09-06 CVE-2024-45299 Improper Encoding or Escaping of Output vulnerability in ALF 2.0M42304
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups.
network
low complexity
alf CWE-116
6.5
2024-08-29 CVE-2024-8297 Improper Encoding or Escaping of Output vulnerability in Kitsada8621 Digital Library Management System 1.0
A vulnerability was found in kitsada8621 Digital Library Management System 1.0.
network
low complexity
kitsada8621 CWE-116
7.5
2024-08-08 CVE-2024-6329 Improper Encoding or Escaping of Output vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded.
network
low complexity
gitlab CWE-116
7.5
2024-07-30 CVE-2023-26289 Improper Encoding or Escaping of Output vulnerability in IBM Aspera Orchestrator 4.0.1
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-116
5.4
2024-07-15 CVE-2024-39736 Improper Encoding or Escaping of Output vulnerability in IBM Datacap and Datacap Navigator
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-116
critical
9.8
2024-06-09 CVE-2024-5585 Improper Encoding or Escaping of Output vulnerability in multiple products
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces.
network
low complexity
php fedoraproject CWE-116
8.8
2024-05-03 CVE-2023-28952 Improper Encoding or Escaping of Output vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data.
network
low complexity
ibm CWE-116
5.3
2024-03-26 CVE-2024-22356 Improper Encoding or Escaping of Output vulnerability in IBM APP Connect Enterprise and Integration BUS
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2 store potentially sensitive information in log or trace files that could be read by a privileged user.
network
low complexity
ibm CWE-116
4.9