CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1188 matches found

OpenVAS•added 2020/11/16 12:0 a.m.•21 views

aiohttp Detection (HTTP)

HTTP based detection of aiohttp. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.112839";...

7.4AI score

Exploits0References1

Gitee•added 2020/06/05 2:28 p.m.•5 views

Vxscan

This is a Python script called Vxscan, which is a comprehensive scanning tool. It is primarily used for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, and SQL injection. T...

7.7AI score

Exploits0

vulnersOsv•added 2019/03/12 3:16 p.m.•1 views

aiohttp-apispec (>=0.7.2 <=0.7.6), pygrest (>=1.0.1 <=1.3.0) +1 more potentially affected by CVE-2019-9710 via webargs (>=1.8.1 <=5.1.2)

webargs PYPI version =1.8.1, =0.7.2, =1.0.1, =0.4.0, =0.100.2rc4 Source cves: CVE-2019-9710 Source advisory: OSV:GHSA-8554-JXCW-454Q...

8.1CVSS7.2AI score0.0112EPSS

Exploits1

vulnersOsv•added 2019/03/12 2:29 a.m.•1 views

aiohttp-apispec (>=0.7.2 <=0.7.6), pygrest (>=1.0.1 <=1.3.0) +1 more potentially affected by CVE-2019-9710 via webargs (>=1.8.1 <=5.1.2)

webargs PYPI version =1.8.1, =0.7.2, =1.0.1, =0.4.0, =0.100.2rc4 Source cves: CVE-2019-9710 Source advisory: OSV:PYSEC-2019-139...

8.1CVSS7.2AI score0.0112EPSS

Exploits1

vulnersOsv•added 2018/12/20 10:1 p.m.•2 views

ahserver (>=1.0.1 <=1.2.0), aiohttp-admin (>=0.1.0a0 <=0.1.0a3) +62 more potentially affected by CVE-2018-1000814 via aiohttp-session (>=0.8.0 <=2.1.0)

aiohttp-session PYPI version =0.8.0, =1.0.1, =0.1.0a0, =1.0.0, =0.0.1, =1.4.0, =0.3.0, =0.4.3, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =22.3.0, =0.0.1, =0.0.2 and more Source cves: CVE-2018-1000814 Source advisory: OSV:GHSA-MR4X-C4V9-X729...

6.5CVSS6.5AI score0.00965EPSS

Exploits1

Github Security Blog•added 2018/12/20 10:1 p.m.•24 views

aiohttp-session creates non-expiring sessions

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...

6.5CVSS6.2AI score0.00965EPSS

Exploits1References6Affected Software1

OSV•added 2018/12/20 10:1 p.m.•16 views

GHSA-MR4X-C4V9-X729 aiohttp-session creates non-expiring sessions

7.1CVSS6.3AI score0.00965EPSS

Exploits1References7

Prion•added 2018/12/20 3:29 p.m.•9 views

Improper access control

4CVSS6.4AI score0.00965EPSS

Exploits1References2Affected Software1

vulnersOsv•added 2018/12/20 3:29 p.m.•1 views

ahserver (>=1.0.1 <=1.2.0), aiohttp-admin (>=0.1.0a0 <=0.1.0a3) +62 more potentially affected by CVE-2018-1000814 via aiohttp-session (>=0.8.0 <=2.1.0)

6.5CVSS6.5AI score0.00965EPSS

Exploits1

PyPA•added 2018/12/20 3:29 p.m.•6 views

PYSEC-2018-35

6.5CVSS6.8AI score0.00965EPSS

Exploits1References3Affected Software1

OSV•added 2018/12/20 3:29 p.m.•14 views

CVE-2018-1000814

6.5CVSS6.4AI score

Exploits0References2

NVD•added 2018/12/20 3:29 p.m.•10 views

CVE-2018-1000814

6.5CVSS6.4AI score0.00965EPSS

Exploits1References2

OSV•added 2018/12/20 3:29 p.m.•19 views

PYSEC-2018-35

6.5CVSS5.1AI score0.00965EPSS

Exploits1References3

CVE•added 2018/12/20 3:0 p.m.•74 views

CVE-2018-1000814

CVE-2018-1000814 affects aiohttp-session versions 2.6.0 and earlier. The vulnerability lies in EncryptedCookieStorage and NaClCookieStorage, allowing non-expiring (infinite) sessions. Exploitation described as recreation of a cookie post-expiry with the same value; no explicit fixes are provided ...

6.5CVSS6.3AI score0.00965EPSS

Exploits1References2Affected Software1

vulnersOsv•added 2018/09/13 3:46 p.m.•1 views

ahserver (>=1.0.1 <=1.2.0), aiohttp-admin (>=0.1.0a0 <=0.1.0a3) +62 more potentially affected by CVE-2018-1000519 via aiohttp-session (>=0.8.0 <=2.1.0)

6.5CVSS6.5AI score0.01181EPSS

Exploits1

Github Security Blog•added 2018/09/13 3:46 p.m.•29 views

aiohttp-session Session Fixation vulnerability

The pypi package aiohttp-session before 2.4.0 contained a Session Fixation vulnerability in loadsession function for RedisStorage that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies ?session=, or meta tags or script tags wi...

6.5CVSS6.2AI score0.01181EPSS

Exploits1References6Affected Software1

OSV•added 2018/09/13 3:46 p.m.•19 views

GHSA-FPWP-69XV-C67F aiohttp-session Session Fixation vulnerability

7.1CVSS6.3AI score0.01181EPSS

Exploits1References7

CNVD•added 2018/06/28 12:0 a.m.•3 views

aio-libs aiohttp-session session fixation vulnerability

aio-libs aiohttp-session is an application that supports storing user-specific data into session objects. A session fixation vulnerability exists in the 'RedisStorage' function of RedisStorage in aio-libs aiohttp-session. An attacker can exploit this vulnerability to hijack a session with the hel...

6.5CVSS6.4AI score0.01181EPSS

Exploits1References1

NVD•added 2018/06/26 4:29 p.m.•17 views

CVE-2018-1000519

aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redisstorage.pyL42 that can result in Session Hijacking. This attack appear to be exploitable via Any method that...

6.5CVSS6.4AI score0.01181EPSS

Exploits1References2

OSV•added 2018/06/26 4:29 p.m.•2 views

CVE-2018-1000519

6.5CVSS7AI score

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by