CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1086 matches found

OSV•added 2023/12/08 11:6 a.m.•1 views

OESA-2023-1900 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker...

7.2CVSS6.8AI score0.0047EPSS

Exploits1References2

Fedora•added 2023/12/07 2:9 a.m.•38 views

[SECURITY] Fedora 39 Update: python-aiohttp-3.8.6-1.fc39

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

7.5CVSS6.5AI score0.00215EPSS

Exploits1

Fedora•added 2023/12/07 1:59 a.m.•22 views

[SECURITY] Fedora 38 Update: python-aiohttp-3.8.6-1.fc38

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

7.5CVSS6.5AI score0.00215EPSS

Exploits1

OpenVAS•added 2023/12/07 12:0 a.m.•17 views

Fedora: Security Advisory for python-aiohttp (FEDORA-2023-bc1f081ca0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.00215EPSS

Exploits1References2

Tenable Nessus•added 2023/12/06 12:0 a.m.•28 views

Fedora 39 : llhttp / python-aiohttp / uxplay (2023-5130a73b00)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-5130a73b00 advisory. Security fix for CVE-2023-47627 https://pagure.io/fesco/issue/3106 python-aiohttp 3.8.6 2023-10-07...

7.5CVSS7AI score0.00215EPSS

Exploits1References2

Tenable Nessus•added 2023/12/06 12:0 a.m.•28 views

Fedora 38 : llhttp / python-aiohttp / uxplay (2023-bc1f081ca0)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-bc1f081ca0 advisory. Security fix for CVE-2023-47627 https://pagure.io/fesco/issue/3106 python-aiohttp 3.8.6 2023-10-07...

7.5CVSS7AI score0.00215EPSS

Exploits1References2

Veracode•added 2023/12/01 8:36 a.m.•29 views

CRLF Injection

aiohttp is vulnerable to CRLF Injection attack. The vulnerability arises due to improper HTTP version validation in aiohttp/clientreqrep.py. An attacker can preform CRLF injection if they have the ability to modify the HTTP version in the request header...

7.2CVSS7.2AI score0.0047EPSS

Exploits1References6Affected Software1

SUSE CVE•added 2023/12/01 2:19 a.m.•1 views

SUSE CVE-2023-49081

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

4CVSS8AI score0.0047EPSS

Exploits1References5

SUSE CVE•added 2023/12/01 2:18 a.m.•1 views

SUSE CVE-2023-49082

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

5.9CVSS7.9AI score0.00228EPSS

Exploits1References4

RedhatCVE•added 2023/11/30 10:56 a.m.•27 views

CVE-2023-49082

A flaw was found in Aiohttp. This issue may allow an attacker to send a crafted HTTP request to the server and smuggle arbitrary HTTP headers due to improper validation of HTTP requests during the processing of the HTTP request method. By exploiting this flaw, an attacker can manipulate HTTP...

5.3CVSS5.4AI score0.00228EPSS

Exploits1References4

RedhatCVE•added 2023/11/30 10:26 a.m.•43 views

CVE-2023-49081

A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts...

5.8CVSS6.8AI score0.0047EPSS

Exploits1References4

NVD•added 2023/11/30 7:15 a.m.•25 views

CVE-2023-49081

7.2CVSS0.0047EPSS

Exploits1References6

OSV•added 2023/11/30 7:15 a.m.•0 views

DEBIAN-CVE-2023-49081

5.3CVSS6.1AI score0.0047EPSS

Exploits1References1

OSV•added 2023/11/30 7:15 a.m.•1 views

UBUNTU-CVE-2023-49081

7.2CVSS6.5AI score0.0047EPSS

Exploits1References6

vulnersOsv•added 2023/11/30 7:15 a.m.•2 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +40190 more potentially affected by CVE-2023-49081 via aiohttp (>=0.13.1 <=3.8.6)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 - 1claw-crewai-tools =0.1.0 and more Source cves: CVE-2023-49081 Source advisory: OSV:PYSEC-2023-250...

7.2CVSS6.4AI score0.0047EPSS

Exploits1

UbuntuCve•added 2023/11/30 7:15 a.m.•37 views

CVE-2023-49081

7.2CVSS6.7AI score0.0047EPSS

Exploits1References5

OSV•added 2023/11/30 7:15 a.m.•60 views

PYSEC-2023-250

5.3CVSS5.1AI score0.0047EPSS

Exploits1References4

CVE•added 2023/11/30 6:56 a.m.•383 views

CVE-2023-49081

CVE-2023-49081 affects aiohttp (HTTP header/HTTP version validation issues) with remediation across multiple vendors: Debian advisories show fixes for python-aiohttp (Debian 11 bullseye: 3.7.4-1+deb11u1; DSA-5828-1 fixes to 3.8.4-1+deb12u1), IBM Storage Fusion bulletin requires upgrading to 2.8.0...

7.2CVSS6AI score0.0047EPSS

Exploits1References6Affected Software1

OSV•added 2023/11/30 6:56 a.m.•24 views

CVE-2023-49081 aiohttp's ClientSession is vulnerable to CRLF injection via version

7.2CVSS6.1AI score0.0047EPSS

Exploits1References8