CVE-2024-39929

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-116
View all →

Vulnerability Description

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.

Related Vulnerabilities

CVE-2019-10362

MEDIUM
CVSS:5.4(Medium)

Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change...

CWE-1162019

CVE-2021-29854

MEDIUM
CVSS:5.4(Medium)

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remot...

CWE-1162021

CVE-2021-29872

MEDIUM
CVSS:5.4(Medium)

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a s...

CWE-1162021

CVE-2021-39170

MEDIUM
CVSS:5.4(Medium)

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this is...

CWE-1162021

CVE-2022-0450

MEDIUM
CVSS:5.4(Medium)

The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any a...

CWE-1162022

CVE-2022-30966

MEDIUM
CVSS:5.4(Medium)

Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (...

CWE-1162022