CVE-2018-2415

MEDIUM Year: 2018
CVSS v3 Score
4.7
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-172
View all →

Vulnerability Description

SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed.

Related Vulnerabilities

CVE-2019-10153

MEDIUM
CVSS:5.0(Medium)

A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster en...

CWE-1722019

CVE-2016-3827

MEDIUM
CVSS:5.5(Medium)

codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or re...

CWE-1722016

CVE-2016-3828

MEDIUM
CVSS:5.5(Medium)

decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a ...

CWE-1722016

CVE-2016-3829

MEDIUM
CVSS:5.5(Medium)

The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via...

CWE-1722016

CVE-2018-7173

MEDIUM
CVSS:5.5(Medium)

A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.

CWE-1722018

CVE-2018-7289

LOW
CVSS:3.3(Low)

An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will f...

CWE-1722018