
27 matches found

CNNVD
added 2026/05/14 12:0 a.m. · 6 views

MCP Registry cross-site scripting vulnerability

MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.7 contained a cross-site scripting vulnerability. This vulnerability originated from the public directory UI; server-side validation only checked whether the URL...

5.4 CVSS · 5.8 AI score · 0.00035 EPSS
Exploits 1 · References 1
Github Security Blog
added 2026/05/08 4:29 p.m. · 9 views

fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes

Summary: When input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives room for an attacker to insert unwanted attributes into the XML/HTML. Detail: Malicious Input a: "@attr": '" onClick="alert1' Output x...

6.1 CVSS · 5.8 AI score · 0.0001 EPSS
Exploits 0 · References 3 · Affected Software 1
AstraLinux
added 2026/05/20 5:53 a.m. · 15 views

Astra Linux - vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. The Setparamprefix function in the menu rendering code performs a length calculation based on the assumption that expressing a single quoted character would require 3 characters. However, in reality, it requires 4 characters. This allows a...

8.2 CVSS · 6.9 AI score · 0.00286 EPSS
Exploits 0 · References 2
Positive Technologies
added 2026/03/27 12:0 a.m. · 4 views

PT-2026-28542

Name of the Vulnerable Software and Affected Versions: Mastodon versions 4.5.0 through 4.5.7; Mastodon versions 4.4.0 through 4.4.14. Description: Mastodon is a free, open-source social network server based on ActivityPub. An attacker who is aware of a quote before it has reached a server can prevent...

4.8 CVSS · 5.9 AI score · 0.0006 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2011-3007

Malware in sbrugna...

6.8 CVSS · 9.3 AI score · 0.02363 EPSS
Exploits 1 · References 19
SUSE Linux
added 2025/09/05 5:20 p.m. · 3 views

Security update for rav1e

This update for rav1e fixes the following issues: Update crate shlex to 1.3.0: CVE-2024-58266: Fixed command injection (bsc1247207). RUSTSEC-2024-0006: Fixed multiple issues involving quote API (bsc1230028). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods...

3.6 CVSS · 7.5 AI score · 0.00359 EPSS
Exploits 0 · References 6
RedHat Linux
added 2024/12/16 8:1 a.m. · 2 views

virtualenv: potential command injection via virtual environment activation scripts

A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection, leading to the loss of confidentiality, integrity and availability of the system...

8.4 CVSS · 5.7 AI score · 0.00226 EPSS
Exploits 1 · References 7
RedHat Linux
added 2024/12/11 4:20 p.m. · 1 views

virtualenv: potential command injection via virtual environment activation scripts

A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection, leading to the loss of confidentiality, integrity and availability of the system...

8.4 CVSS · 5.7 AI score · 0.00226 EPSS
Exploits 1 · References 7
SUSE CVE
added 2023/12/23 2:38 a.m. · 1 views

SUSE CVE-2023-51713

makeftpcmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics...

7.5 CVSS · 9.3 AI score · 0.70298 EPSS
Exploits 1 · References 4
Positive Technologies
added 2023/12/19 12:0 a.m. · 1 views

PT-2023-31315 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.2; Apache Superset versions 3.0.0 through 3.0.1. Description: A where in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apach...

8.8 CVSS · 8.2 AI score · 0.00496 EPSS
Exploits 0 · References 17
SUSE CVE
added 2023/02/15 5:51 a.m. · 1 views

SUSE CVE-2011-3039

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling...

6.8 CVSS · 9.6 AI score · 0.02363 EPSS
Exploits 1 · References 4
OSV
added 2021/03/03 5:15 p.m. · 1 views

ALPINE-CVE-2021-20233

A flaw was found in grub2 in versions prior to 2.06. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one...

8.2 CVSS · 6.8 AI score · 0.00286 EPSS
Exploits 0 · References 1
CNNVD
added 2021/02/26 12:0 a.m. · 4 views

Saltstack SaltStack Salt command injection vulnerability

SaltStack Salt is a new way to manage infrastructure, easy to deploy, up and running in minutes, scales well, easily manages tens of thousands of servers, and is fast enough to communicate between servers in seconds. A command injection vulnerability exists in SaltStack Salt versions prior to Sal...

9.8 CVSS · 7.3 AI score · 0.07332 EPSS
Exploits 0 · References 20
seebug.org
added 2014/07/01 12:0 a.m. · 68 views

Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27706/info Apache Tomcat is prone to an information-disclosure vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to access potentially sensitive data that may aid i...

4.3 CVSS · 5.3 AI score · 0.74714 EPSS
Exploits 4
OpenVAS
added 2012/03/12 12:0 a.m. · 30 views

FreeBSD Ports: chromium

The remote host is missing an update to the system as announced in the referenced advisory. VID 99aef698-66ed-11e1-8288-00262d5ed8ee OpenVAS Vulnerability Test $ Description: Auto generated from VID 99aef698-66ed-11e1-8288-00262d5ed8ee Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

7.5 CVSS · 0.2 AI score · 0.02816 EPSS
Exploits 2
Tenable Nessus
added 2012/03/06 12:0 a.m. · 30 views

FreeBSD : chromium -- multiple vulnerabilities (99aef698-66ed-11e1-8288-00262d5ed8ee)

Google Chrome Releases reports : 105867 High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. 108037 High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. 108406 115471 High CVE-2011-3033: Buffer overflow in the Skia drawing library...

7.5 CVSS · 8.3 AI score · 0.02816 EPSS
Exploits 2 · References 16
NVD
added 2012/03/05 7:55 p.m. · 15 views

CVE-2011-3039

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling...

6.8 CVSS · 6.8 AI score · 0.02363 EPSS
Exploits 1 · References 17
UbuntuCve
added 2012/03/05 7:55 p.m. · 28 views

CVE-2011-3039

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling...

6.8 CVSS · 7.2 AI score · 0.02363 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2012/03/05 7:55 p.m. · 2 views

CVE-2011-3039

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling...

6.8 CVSS · 5.9 AI score · 0.02363 EPSS
Exploits 1 · References 18
Cvelist
added 2012/03/05 7:0 p.m. · 19 views

CVE-2011-3039

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling...

6.8 AI score · 0.02363 EPSS
Exploits 1 · References 17