Lucene search
K

74 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 2:35 p.m.11 views

guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization

Impact guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled data into one of those fields and later serialized the PSR-7 message as raw HTTP/1.x...

4.8CVSS5.8AI score0.00158EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50793

Name of the Vulnerable Software and Affected Versions Guzzle versions prior to 7.12.1 Description CookieJar incorrectly accepts cookies with a dot-only Domain attribute such as Domain=., Domain=.., Domain=... and whitespace-padded variants. The SetCookie::matchesDomain function removes leading...

5.8CVSS5.9AI score0.00111EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50791

Name of the Vulnerable Software and Affected Versions Guzzle versions prior to 7.12.1 Description In certain configurations, traffic intended to be protected by TLS on the hop to the proxy is transmitted in cleartext. This occurs when an application uses the built-in cURL handlers...

5.9CVSS5.9AI score0.00106EPSS
Exploits0References5
NVD
NVD
added 2026/06/11 1:16 p.m.10 views

CVE-2026-49214

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user-controlled URL. Second, the URL is used to...

5.3CVSS0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 12:38 p.m.40 views

CVE-2026-49214

CVE-2026-49214 affects guzzlehttp/psr7 up to version 2.10.1. Versions prior to 2.10.2 do not reject ASCII control characters/whitespace/DEL in URI host components. If a user-controlled URL is used to build a PSR-7 Uri/Request and the host contains CRLF or similar, the host may be copied into the ...

5.3CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:30 a.m.5 views

CVE-2023-29151

Uncontrolled search path element in some IntelR PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7.1AI score0.0015EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2010-2089

Malware in sbrugna...

4.9CVSS6AI score0.00381EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-32753

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.0015EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2022-6288

Malicious code in bioql PyPI...

7.2CVSS6.3AI score0.00594EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-1372

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.00743EPSS
Exploits0References9
OSV
OSV
added 2025/04/16 3:16 p.m.1 views

DEBIAN-CVE-2025-22093

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid NPD when ASIC does not support DMUB ctx-dmubsrv will de NULL if the ASIC does not support DMUB, which is tested in dmdmubswinit. However, it will be dereferenced in dmubhwlockmgrcmd if shouldusedmublock...

5.5CVSS5.6AI score0.00166EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-50108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both...

5.5CVSS6.2AI score0.00233EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2025/02/20 2:0 a.m.17 views

K000149883: PSR-7 header validation vulnerability CVE-2023-30536

Security Advisory Description slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the...

6.5CVSS6.7AI score0.00743EPSS
Exploits0
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: PSR-SU should also be disabled for Parade 08-01 TCON. Stuart Hayhurst has found that both during bootup and when the fullscreen VA-API video mode is used, black screens occur for about 1 second, and a kernel...

5.5CVSS6.1AI score0.00233EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/01/24 4:18 a.m.6 views

SUSE CVE-2023-30536

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...

6.5CVSS6.8AI score0.00743EPSS
Exploits0References4
NVD
NVD
added 2024/11/05 6:15 p.m.10 views

CVE-2024-50108

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING 1 traces when calling...

5.5CVSS0.00233EPSS
Exploits0References5
OSV
OSV
added 2024/11/05 6:15 p.m.6 views

AZL-52503 CVE-2024-50108 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING 1 traces when calling...

5.5CVSS5.8AI score0.00233EPSS
Exploits0References1
CVE
CVE
added 2024/11/05 5:10 p.m.139 views

CVE-2024-50108

CVE-2024-50108 affects the Linux kernel DRM-AMD display path. The issue arises from PSR-SU handling for Parade 08-01 TCON, where at boot and during fullscreen VA-API playback a ~1s black screen occurs and kernel warnings are logged when calling dmub_psr_enable(). The vulnerability is mitigated by...

5.5CVSS5.1AI score0.00233EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/05 5:10 p.m.1 views

CVE-2024-50108 drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING 1 traces when calling...

7.6AI score0.00233EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/05 5:10 p.m.17 views

CVE-2024-50108 drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING 1 traces when calling...

0.00233EPSS
Exploits0References4
Rows per page
Query Builder