CVE-2026-29197

In versions 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, allowing authenticated users without the proper permissions to read apps-engine logs...

Linux Distros Unpatched Vulnerability : CVE-2023-29197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a...

CVE-2022-29197

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...

Debian dla-3705 : php-guzzlehttp-psr7 - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3705 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3705-1 [email protected]...

CVE-2024-29197 Pimcore Preview Documents are not restricted to logged in users anymore

Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument ?pimcorepreview=true allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer...

CVE-2024-29197

CVE-2024-29197 affects Pimcore (Open Source Data & Experience Management Platform). The issue allows viewing unpublished sites when the query parameter ?pimcore_preview=true is used, due to previews no longer being properly access-controlled. This could let an unauthenticated user access potentia...

CVE-2024-29197

creationtimestamp| type| source ---|---|--- 2024-03-25 11:55:39+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/6849...

Ubuntu 20.04 LTS / 22.04 LTS : php-guzzlehttp-psr7 vulnerabilities (USN-6670-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6670-1 advisory. It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an...

Ubuntu 22.04 LTS : php-nyholm-psr7 vulnerability (USN-6671-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6671-1 advisory. It was discovered that php-nyholm-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use this issue to perform an HTTP header injection attack...

FreeBSD : mantis -- multiple vulnerabilities (1f0d0024-ac9c-11ee-8e91-1c697a013f4b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1f0d0024-ac9c-11ee-8e91-1c697a013f4b advisory. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are...

[SECURITY] [DLA 3705-1] php-guzzlehttp-psr7 security update

Debian LTS Advisory DLA-3705-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin December 31, 2023 https://wiki.debian.org/LTS Package : php-guzzlehttp-psr7 Version : 1.4.2-0.1+deb10u2 CVE ID : CVE-2023-29197 Debian Bug : 1034581 It was discovered that...

CVE-2023-29197

creationtimestamp| type| source ---|---|--- 2023-10-27 17:00:30+00:00| seen| https://t.me/cibsecurity/62314...

mantis -- multiple vulnerabilities

Mantis 2.25.8 release reports: Security and maintenance release 0032432: Update guzzlehttp/psr7 to 1.9.1 CVE-2023-29197 0032981: Information Leakage on DokuWiki Integration CVE-2023-44394...

Mageia: Security Advisory (MGASA-2023-0241)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated mediawiki packages fix security vulnerability

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...

MGASA-2023-0241 Updated mediawiki packages fix security vulnerability

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...

MediaWiki < 1.35.11, 1.36.x < 1.38.7, 1.39.x < 1.39.4 Multiple Vulnerabilities - Windows

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

MediaWiki < 1.35.11, 1.36.x < 1.38.7, 1.39.x < 1.39.4 Multiple Vulnerabilities - Linux

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

FreeBSD : mediawiki -- multiple vulnerabilities (95dad123-180e-11ee-86ba-080027eda32c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 95dad123-180e-11ee-86ba-080027eda32c advisory. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are...

Fedora 38 : php-nyholm-psr7 (2023-b0811dc6e4)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b0811dc6e4 advisory. Version 1.7.0 - Bump to PHP 7.2 minimum - Allow psr/http-message v2 - Use copy-on-write for streams created from strings ---- Version 1.6.1 - Security fix:...