
15 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux – Vulnerability in Apache2

ap_escape_quotes may write beyond the end of a buffer when given malicious input. None of the included modules passes untrusted data to these functions, but third-party/external modules may do so. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 9.8 | AI score 7.8 | EPSS 0.36339
Exploits: 0 | References: 2
OSV
added 2026/04/24 12:0 p.m. | 4 views

RUSTSEC-2026-0136 Command injection in Diesel's implementation of `COPY FROM`/`COPY TO`

Diesel allows users to configure various options for PostgreSQL's COPY FROM and COPY TO statements. These configurations are partially provided as strings or characters. Diesel did not check if any of these user-provided options contain a quote character ', which can lead to the injection of...

AI score 5.8
Exploits: 0 | References: 3
OSV
added 2026/04/22 7:28 p.m. | 15 views

PSF-2026-21

http.cookies.Morsel.js_output returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

CVSS 6.1 | AI score 5.7 | EPSS 0.00229
Exploits: 1 | References: 6
RedHat Linux
added 2022/10/26 8:15 p.m. | 4 views

httpd: Out-of-bounds write in ap_escape_quotes() via malicious input

An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function...

CVSS 9.8 | AI score 7.4 | EPSS 0.36339
Exploits: 0 | References: 4
RedHat Linux
added 2022/10/26 8:5 p.m. | 3 views

httpd: Out-of-bounds write in ap_escape_quotes() via malicious input

An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function...

CVSS 9.8 | AI score 7.4 | EPSS 0.36339
Exploits: 0 | References: 4
Broadcom
added 2022/09/13 12:0 a.m. | 5 views

CVE-2021-39275. ap_escape_quotes buffer overflow

Security Advisory ID: BSA-2022-1599. Component: Apache httpd. Revision: 1.1. An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated, remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing...

CVSS 9.8 | AI score 7.8 | EPSS 0.36339
Exploits: 0
RedHat Linux
added 2022/03/15 10:0 a.m. | 4 views

httpd: Out-of-bounds write in ap_escape_quotes() via malicious input

An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function...

CVSS 9.8 | AI score 7.4 | EPSS 0.36339
Exploits: 0 | References: 4
RedHat Linux
added 2022/01/17 9:10 a.m. | 3 views

httpd: Out-of-bounds write in ap_escape_quotes() via malicious input

An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function...

CVSS 9.8 | AI score 7.4 | EPSS 0.36339
Exploits: 0 | References: 4
BDU FSTEC
added 2022/01/17 12:0 a.m. | 1 views

The vulnerability of the ap_escape_quotes() function in the Apache HTTP Server, related to writing beyond buffer boundaries in memory, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the ap_escape_quotes function in the Apache HTTP Server is related to the lack of input validation in this function. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

CVSS 9.8 | AI score 7.1 | EPSS 0.36339
Exploits: 0 | References: 14 | Affected Software: 8
OSV
added 2021/10/20 3:53 p.m. | 5 views

CLSA-2021-1634745216 Fix of CVE: CVE-2021-39275

CVE-2021-39275: ap_escape_quotes algorithm which led to buffer overflow...

CVSS 9.8 | AI score 7.3 | EPSS 0.36339
Exploits: 0 | References: 1
OSV
added 2021/10/15 11:3 a.m. | 2 views

OESA-2021-1387 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: ap_escape_quotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apach...

CVSS 9.8 | AI score 7.2 | EPSS 0.36339
Exploits: 0 | References: 2
OSV
added 2021/09/16 3:15 p.m. | 1 views

UBUNTU-CVE-2021-39275

ap_escape_quotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 9.8 | AI score 7.1 | EPSS 0.36339
Exploits: 0 | References: 6
CNNVD
added 2021/09/16 12:0 a.m. | 2 views

Apache HTTP Server Buffer Error Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API. A buffer overflow vulnerability exists in Apache HTTP Server versions 2.4.48 and earlier, which stems from the possibility that ap_escape_quotes may write content...

CVSS 9.8 | AI score 7.9 | EPSS 0.36339
Exploits: 0 | References: 59
Positive Technologies
added 2021/08/04 12:0 a.m. | 7 views

PT-2021-5758 · Apache +9 · Apache Http Server +9

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.48 and earlier. Description: The issue is related to the ap_escape_quotes function, which may write beyond the end of a buffer when given malicious input. Although no included modules pass untrusted data to thes...

CVSS 10 | AI score 8.9 | EPSS 0.99999
Exploits: 239 | References: 274
RubySec
added 2016/08/11 12:0 a.m. | 22 views

Possible XSS Vulnerability in Action View

There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. Impact: Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to...

CVSS 6.1 | AI score 1.6 | EPSS 0.03438
Exploits: 0 | References: 1 | Affected Software: 1