Mageia: Security Advisory (MGASA-2024-0235)
The remote host is missing an update for the...
Updated python-aiohttp packages fix security vulnerability
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following th...
MGASA-2024-0235 Updated python-aiohttp packages fix security vulnerability
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following th...
Exploit for Path Traversal in Aiohttp
CVE-2024-23334 Exploit and PoC This repository contains a Pro...
OPENSUSE-SU-2024:13209-1 python310-aiohttp-3.8.5-2.1 on GA media
These are all security issues fixed in the python310-aiohttp-3.8.5-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13691-1 python310-aiohttp-3.9.3-2.1 on GA media
These are all security issues fixed in the python310-aiohttp-3.9.3-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13965-1 python310-aiohttp-3.9.5-2.1 on GA media
These are all security issues fixed in the python310-aiohttp-3.9.5-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13642-1 python310-aiohttp-3.9.3-1.1 on GA media
These are all security issues fixed in the python310-aiohttp-3.9.3-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13465-1 python310-aiohttp-3.9.0-1.1 on GA media
These are all security issues fixed in the python310-aiohttp-3.9.0-1.1 package on the GA media of openSUSE Tumbleweed...
aiohttp: XSS on index pages for static file handling
A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. When using `web.static(..., show_index=True)`, the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to...
aiohttp: DoS when trying to parse malformed POST requests
An infinite loop flaw was found in aiohttp when handling POST multipart/form-data requests. This flaw allows an attacker to send a specially crafted request, leading the server to enter an infinite loop and render it unable to process any further requests. This denial of service can be triggered ...
SUSE-SU-2024:1866-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2024-27306: Fixed XSS on index pages for static file handling (bsc#1223098)...
The vulnerability of the aiohttp HTTP client, related to the execution of a loop with an unreachable exit condition, allows a hacker to cause a service failure.
The vulnerability of the aiohttp HTTP client is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-000a25f3fc)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-e0057e6044)
The remote host is missing an update for the...
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-5dc487ee89)
The remote host is missing an update for the...
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-2f15e6e876)
The remote host is missing an update for the...
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-f83b123d63)
The remote host is missing an update for the...
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-f34786d26f)
The remote host is missing an update for the...
Security Bulletin: IBM Storage Fusion is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.
Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-1135, CVE-2024-26130, CVE-2024-23829, CVE-2024-2334, CVE-2023-49081, CVE-2023-49082. Vulnerability Details CVEID:CVE-2024-11...