Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-436

CWE-436

Interpretation Conflict

Parent: CWE-435 - Improper Interaction Between Multiple Correctly-Behaving Entities

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

109 vulnerabilities with CWE-436

CVE-2024-23644 MEDIUM

Trillium < 0.5.4 and trillium-http < 0.3.12 - HTTP Request/Response Splitting via Header Injection

CVE-2023-52892 HIGH

phpseclib < 1.0.22, 2.x < 2.0.46, 3.x < 3.0.33 - X.509 Certificate Host Verification Bypass

CVE-2023-39481 HIGH

Softing Secure Integration Server < 1.30 - Remote Code Execution via URI Parsing Inconsistency

CVE-2023-45715 LOW

HCL BigFix Platform 9.5-9.5.23 - Denial of Service via Invalid File Name Characters

CVE-2023-50327 MEDIUM

IBM PowerSC 1.3, 2.0, and 2.1 - Unauthorized File Request Modification via Insecure HTTP Methods

CVE-2023-48256 MEDIUM

Bosch NEXO-OS 1000-1500-sp2 - HTTP Response Splitting via Crafted URL

CVE-2023-49284 LOW

fish < 3.6.2 - Denial of Service and Information Disclosure via Unicode Non-Character Handling

CVE-2023-40718 HIGH

Fortinet IPS Engine <7.321-6.158 - Evade IPS

CVE-2023-29406 MEDIUM

GO < 1.19.11 - Interpretation Conflict

CVE-2023-36456 HIGH

authentik <2023.4.3-2023.5.5 - SSRF

CVE-2023-32708 HIGH

Splunk Enterprise < 9.0.5, < 8.2.11, < 8.1.14 and Splunk Cloud Platform < 9.0.2303.100 - HTTP Response Splitting

CVE-2023-30541 MEDIUM

OpenZeppelin Contracts 3.2.0-4.8.2 - Denial of Service via Proxy Function Selector Clash

CVE-2023-30536 MEDIUM

slim/psr7 < 1.6.1 - HTTP Header Injection via Newline Character

CVE-2023-29197 MEDIUM

guzzlehttp/psr7 <1.9.1, <2.4.5 - XSS

CVE-2023-22998 MEDIUM

Linux Kernel < 6.0.3 - Use-After-Free in virtgpu_object

CVE-2023-24813 CRITICAL

Dompdf <2.0.3 - Arbitrary URL Fetch via SVG href Parsing

CVE-2023-22735 MEDIUM

zulip_server - Cross-Site Scripting via Arbitrary Content-Type Upload in S3 Storage

CVE-2023-22602 HIGH

Apache Shiro < 1.11.0 - Authentication Bypass via Spring Boot Pattern Matching Conflict

CVE-2022-48473 HIGH

Huawei Bisheng-WNM Firmware - Denial of Service via Input Misinterpretation

CVE-2022-48471 HIGH

Huawei Bisheng-WNM Firmware - Denial of Service via Input Misinterpretation

CVE-2022-48261 HIGH

BiSheng-WNM FW 3.0.0.325 - Interpretation Conflict in Printer Service

CVE-2022-48230 HIGH

BiSheng-WNM FW 3.0.0.325 - Denial of Service via Input Misinterpretation

CVE-2022-48279 HIGH

ModSecurity < 2.9.6 and 3.0.0-3.0.7 - Web Application Firewall Bypass via HTTP Multipart Request Parsing

CVE-2022-37436 MEDIUM

Apache HTTP Server < 2.4.55 - HTTP Response Header Injection via CRLF Sequence

CVE-2022-41915 MEDIUM

Netty 4.1.83-4.1.85 - HTTP Response Splitting via DefaultHttpHeaders.set Iterator

Previous Page 3 of 5 Next

Details

Vulnerabilities 109

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy