CWE-838
12 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-838
- CVE-2018-9862 | HIGH | CVSS 7.8 | 2018-04-09
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that v…
- CVE-2019-18981 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-11-15
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
- CVE-2019-6110 | MEDIUM | CVSS 6.8 | 2019-01-31
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files be…
- CVE-2020-10996 | HIGH | CVSS 8.1 | EG 8.1 | 2020-04-27
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.
- CVE-2020-29135 | MEDIUM | CVSS 4.1 | EG 4.1 | 2020-11-27
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).
- CVE-2020-7292 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-07-15
Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.
- CVE-2021-35246 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-11-23
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a…
- CVE-2023-3735 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-08-01
Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-5770 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-01-09
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability …
- CVE-2023-6512 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-12-06
Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)
- CVE-2024-11702 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-26
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.
- CVE-2024-34006 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-05-31
The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.