PT-2023-32955 · Unknown · Codeigniter

Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.5.8 Description: The issue is related to improper header validation for the name and value, which could allow a potential attacker to construct deliberately malformed headers using the Header class. This could...

Insecure header validation in slim/psr7

Impact An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An attacker that is able to control the header names that are passed to Slilm-Ps...

CVE-2021-40507

An issue was discovered in the ALU unit of the OR1200 aka OpenRISC 1200 processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated correctly for the subtract instruction, which results in an incorrect value in the overflow flag. Any software that relies on this flag may...

ROS-20230418-05

A vulnerability in the OpenSSL cryptographic library is related to a boundary error in the PEMreadbioex function. Exploitation of the vulnerability could allow an attacker acting remotely to pass a specially crafted PEM file to an application, cause a memory re-release error, and perform a typing...

PSF-2023-2 Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVE-2021-40506

An issue was discovered in the ALU unit of the OR1200 aka OpenRISC 1200 processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated for the msb and mac instructions, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience...

CVE-2023-30536

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...

CVE-2023-30536 Insecure header validation in slim/psr7

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...

The vulnerability of the da9150_charger_remove() function in the drivers/power/supply/da9150-charger.c file of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the da9150chargerremove function in the drivers/power/supply/da9150-charger.c file of the Linux kernel is related to the use of memory after it is freed due to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a...

Oracle Linux 8 : firefox (ELSA-2023-1787)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-1787 advisory. 102.10.0-1.0.1 - Updated homepages to use https Orabug: 34648274 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the...

SUSE CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

The vulnerability of Windows operating system DNS servers allows a perpetrator to execute arbitrary code.

The vulnerability of Windows operating system DNS servers is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the Windows operating system’s lock screen allows a hacker to bypass security restrictions.

The vulnerability of the Windows operating system’s lock screen is related to security configuration errors. Exploiting this vulnerability can allow a hacker to bypass security restrictions...

The vulnerability of Windows operating system DNS servers allows a perpetrator to execute arbitrary code.

The vulnerability of Windows operating system DNS servers is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Adobe Reader Classic 2020 Security Update (APSB23-24) - Windows

Adobe Acrobat Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

The vulnerability of the UEFI loader of the Boot Manager for Windows operating systems allows a hacker to circumvent security restrictions.

The vulnerability of the UEFI-bootloader of Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow an attacker to bypass security restrictions...

The vulnerability of the UEFI loader of the Boot Manager for Windows operating systems allows a hacker to circumvent security restrictions.

The vulnerability of the UEFI-bootloader of Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow an attacker to bypass security restrictions...

The vulnerability of the Windows operating system’s lock screen allows a hacker to bypass security restrictions.

The vulnerability of the Windows operating system’s lock screen is related to security configuration errors. Exploiting this vulnerability can allow a hacker to bypass security restrictions...

The vulnerability of the Layer 2 Tunneling Protocol (L2TP) implementation in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Layer 2 Tunneling Protocol L2TP implementation in Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

SUSE-SU-2023:1823-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 bsc1208480: Security fixes: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization bsc1207249. - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections bsc1207246. -...