CVEbaza.plSłownik CWECWE-838
Common Weakness Enumeration

CWE-838

Inappropriate Encoding for Output Context

Kategoria: BaseCVE: 16
Opis

Produkt używa lub określa kodowanie podczas generowania wyjścia dla komponentu poniższego, jednak określone kodowanie różni się od kodowania oczekiwanego przez komponent docelowy. Niezgodność kodowania może prowadzić do uszkodzenia danych lub zagrożeń bezpieczeństwa.

Description (EN)

The product uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component.

Podatności CVE z CWE-838 (16)
9.8
CVSS
CRITICAL
CVE-2025-4052

Podatność w narzędziach deweloperskich (DevTools) przeglądarki Google Chrome umożliwia zdalnemu atakującemu obejście mechanizmów kontroli dostępu. Pomimo oceny CVSS 9.8, producent klasyfikuje podatność jako niską pod względem dotkliwości (Chromium security severity: Low), co wskazuje na znaczące rozbieżności między metryką bazową a rzeczywistym ryzykiem eksploatacji.

pub. 2025-05-05
9.8
CVSS
CRITICAL
CVE-2019-18981

Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.

pub. 2019-11-15
8.1
CVSS
HIGH
CVE-2020-10996

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.

pub. 2020-04-27
7.8
CVSS
HIGH
CVE-2018-9862

util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697.

pub. 2018-04-09
7.5
CVSS
HIGH
CVE-2024-11702

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.

pub. 2024-11-26
6.8
CVSS
MEDIUM
CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

pub. 2019-01-31
6.5
CVSS
MEDIUM
CVE-2023-6512

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)

pub. 2023-12-06
5.3
CVSS
MEDIUM
CVE-2023-5770

Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.

pub. 2024-01-09
4.3
CVSS
MEDIUM
CVE-2024-34006

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.

pub. 2024-05-31
4.3
CVSS
MEDIUM
CVE-2023-3735

Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

pub. 2023-08-01
4.3
CVSS
MEDIUM
CVE-2020-7292

Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.

pub. 2020-07-15
4.1
CVSS
MEDIUM
CVE-2020-29135

cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).

pub. 2020-11-27
Informacje
ID: CWE-838
Typ: Base
Podatności: 16
MITRE CWE ↗
← Słownik CWE