74 matches found
guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization
Impact guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled data into one of those fields and later serialized the PSR-7 message as raw HTTP/1.x...
PT-2026-50793
Name of the Vulnerable Software and Affected Versions Guzzle versions prior to 7.12.1 Description CookieJar incorrectly accepts cookies with a dot-only Domain attribute such as Domain=., Domain=.., Domain=... and whitespace-padded variants. The SetCookie::matchesDomain function removes leading...
PT-2026-50791
Name of the Vulnerable Software and Affected Versions Guzzle versions prior to 7.12.1 Description In certain configurations, traffic intended to be protected by TLS on the hop to the proxy is transmitted in cleartext. This occurs when an application uses the built-in cURL handlers...
CVE-2026-49214
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user-controlled URL. Second, the URL is used to...
CVE-2026-49214
CVE-2026-49214 affects guzzlehttp/psr7 up to version 2.10.1. Versions prior to 2.10.2 do not reject ASCII control characters/whitespace/DEL in URI host components. If a user-controlled URL is used to build a PSR-7 Uri/Request and the host contains CRLF or similar, the host may be copied into the ...
CVE-2023-29151
Uncontrolled search path element in some IntelR PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access...
EUVD-2010-2089
Malware in sbrugna...
EUVD-2023-32753
Malicious code in bioql PyPI...
EUVD-2022-6288
Malicious code in bioql PyPI...
EUVD-2023-1372
Malicious code in bioql PyPI...
DEBIAN-CVE-2025-22093
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid NPD when ASIC does not support DMUB ctx-dmubsrv will de NULL if the ASIC does not support DMUB, which is tested in dmdmubswinit. However, it will be dereferenced in dmubhwlockmgrcmd if shouldusedmublock...
Linux Distros Unpatched Vulnerability : CVE-2024-50108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both...
K000149883: PSR-7 header validation vulnerability CVE-2023-30536
Security Advisory Description slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: PSR-SU should also be disabled for Parade 08-01 TCON. Stuart Hayhurst has found that both during bootup and when the fullscreen VA-API video mode is used, black screens occur for about 1 second, and a kernel...
SUSE CVE-2023-30536
slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...
CVE-2024-50108
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING 1 traces when calling...
AZL-52503 CVE-2024-50108 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING 1 traces when calling...
CVE-2024-50108
CVE-2024-50108 affects the Linux kernel DRM-AMD display path. The issue arises from PSR-SU handling for Parade 08-01 TCON, where at boot and during fullscreen VA-API playback a ~1s black screen occurs and kernel warnings are logged when calling dmub_psr_enable(). The vulnerability is mitigated by...
CVE-2024-50108 drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING 1 traces when calling...
CVE-2024-50108 drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING 1 traces when calling...