Vulnerabilities > Improper Encoding or Escaping of Output
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-30 | CVE-2023-26289 | Improper Encoding or Escaping of Output vulnerability in IBM Aspera Orchestrator 4.0.1 IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 5.4 |
| 2024-07-15 | CVE-2024-39736 | Improper Encoding or Escaping of Output vulnerability in IBM Datacap and Datacap Navigator IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 9.8 |
| 2024-06-09 | CVE-2024-5585 | Improper Encoding or Escaping of Output vulnerability in multiple products In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. | 8.8 |
| 2024-05-03 | CVE-2023-28952 | Improper Encoding or Escaping of Output vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. | 5.3 |
| 2024-03-05 | CVE-2022-22399 | Improper Encoding or Escaping of Output vulnerability in IBM Aspera Faspex 5.0.0/5.0.1 IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.5 |
| 2024-02-06 | CVE-2024-0690 | Improper Encoding or Escaping of Output vulnerability in multiple products An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. | 5.5 |
| 2024-02-03 | CVE-2024-1064 | Improper Encoding or Escaping of Output vulnerability in Craftycontrol Crafty Controller A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header | 7.5 |
| 2024-02-02 | CVE-2023-47143 | Improper Encoding or Escaping of Output vulnerability in IBM Tivoli Application Dependency Discovery Manager IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 9.8 |
| 2024-01-29 | CVE-2024-0987 | Improper Encoding or Escaping of Output vulnerability in Kuerp Project Kuerp 1.0.4 A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. | 9.8 |
| 2024-01-24 | CVE-2024-22229 | Improper Encoding or Escaping of Output vulnerability in Dell products Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. | 4.3 |