
1233 matches found

OSV
added 2022/04/21 1:20 p.m., 11 views

USN-5386-1 python-aiohttp vulnerability

Jelmer Vernooij and Beast Glatisant discovered that AIOHTTP incorrectly handled certain URLs, leading to an open redirect attack. A remote attacker could possibly use this issue to perform phishing attacks...

CVSS 6.1 | AI score 6.9 | EPSS 0.01905
Exploits: 0 | References: 2

Tenable Nessus
added 2022/03/16 12:0 a.m., 18 views

AIOHTTP < 3.7.4 Open Redirect Vulnerability

According to its self-reported version, the AIOHTTP server hosted on the remote host is prior to version 3.7.4. It is, therefore, affected by an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the client's browser to a different website. Note th...

CVSS 6.1 | AI score 7.2 | EPSS 0.01905
Exploits: 0 | References: 2

Kitploit
added 2022/02/26 11:30 a.m., 29 views

NTLMRecon - Enumerate Information From NTLM Authentication Enabled Web Endpoints

A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains. NTLMRecon is built with flexibility in mind. Need to run recon on a single URL, an IP address, an...

AI score 6.9
Exploits: 0 | References: 4

OpenVAS
added 2022/01/28 12:0 a.m., 20 views

Mageia: Security Advisory (MGASA-2021-0161)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 | AI score 6.6 | EPSS 0.01905
Exploits: 0 | References: 5

vulnersOsv
added 2022/01/25 9:15 a.m., 4 views

aiohttp-init (=0.0.1), airhttprunner (>=3.1.4 <=3.1.6) +152 more potentially affected by CVE-2022-0338 via loguru (>=0.2.4 <=0.5.2)

loguru PYPI version =0.2.4, =3.1.4, =0.1.5, =0.1.1, =2.0.0, =0.2.3, =4.6.4, =2.3.2, =0.39.0, =0.52.0 and more Source cves: CVE-2022-0338 Source advisory: OSV:PYSEC-2022-14...

CVSS 4.3 | AI score 5.8 | EPSS 0.00758
Exploits: 1

Redos
added 2021/12/24 12:0 a.m., 31 views

ROS-2-435

2.435 Open redirect in aiohttp CVE-2021-21330 1. Vulnerability Description: Vulnerability allows cross-site scripting and bypass of security restrictions. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01528 2. Possible measures to eliminate the...

AI score 6.5 | EPSS 0.01905
Exploits: 0

IBM Security Bulletins
added 2021/10/01 6:21 a.m., 29 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python aiohttp

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python aiohttp. Vulnerability Details CVEID: CVE-2021-21330 DESCRIPTION: AIOHTTP could allow a remote attacker to conduct phishing attacks, caused by a bug in the aiohttp.webmiddlewares.normalizepathmiddlewar...

CVSS 6.1 | AI score 1.1 | EPSS 0.01905
Exploits: 0 | Affected Software: 1

Redos
added 2021/09/08 12:0 a.m., 46 views

ROS-2-792

2.792 Open redirect in aiohttp CVE-2021-21330 1. Vulnerability Description: Vulnerability allows cross-site scripting and bypass of security restrictions. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01528 2. Possible measures to eliminate the...

CVSS 6.1 | AI score 6.8 | EPSS 0.01905
Exploits: 0

OpenVAS
added 2021/06/09 12:0 a.m., 13 views

SUSE: Security Advisory (SUSE-SU-2021:1313-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 | AI score 6.4 | EPSS 0.01905
Exploits: 0 | References: 2

Tenable Nessus
added 2021/06/04 12:0 a.m., 27 views

FreeBSD : aiohttp -- open redirect vulnerability (3000acee-c45d-11eb-904f-14dae9d5a9d2)

Sviatoslav Sydorenko reports: Open redirect vulnerability -- a maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the aiohttp.web_middlewares.normalize_path_middleware middleware. %NASLMINLEVEL 70300 C Tenable Network...

CVSS 6.1 | AI score 6.9 | EPSS 0.01905
Exploits: 0 | References: 3

OpenVAS
added 2021/05/27 12:0 a.m., 16 views

Fedora: Security Advisory for python-databases (FEDORA-2021-e7fabd81fb)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.6 | EPSS 0.00967
Exploits: 0 | References: 2

OSV
added 2021/04/26 7:12 a.m., 5 views

SUSE-SU-2021:1313-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2021-21330: Fixed the way pure-Python HTTP parser interprets // bsc1184745...

CVSS 6.1 | AI score 6.6 | EPSS 0.01905
Exploits: 0 | References: 3

Mageia
added 2021/03/30 8:8 p.m., 42 views

Updated python-aiohttp package fixes security vulnerability

Beast Glatisant and Jelmer Vernooij reported that python-aiohttp is prone to an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website CVE-2021-21330...

CVSS 6.1 | AI score 2 | EPSS 0.01905
Exploits: 0 | References: 3

OSV
added 2021/03/30 8:8 p.m., 11 views

MGASA-2021-0161 Updated python-aiohttp package fixes security vulnerability

Beast Glatisant and Jelmer Vernooij reported that python-aiohttp is prone to an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website CVE-2021-21330...

CVSS 6.1 | AI score 6.4 | EPSS 0.01905
Exploits: 0 | References: 4

BDU FSTEC
added 2021/03/22 12:0 a.m., 10 views

The vulnerability of the aiohttp HTTP client, related to the redirection of URLs to unreliable websites, allows attackers to carry out phishing attacks.

The vulnerability of the aiohttp HTTP client is related to the redirection of URLs to an unreliable website. Exploiting this vulnerability allows a remote attacker to carry out phishing attacks using a specially created link...

CVSS 5.8 | AI score 7 | EPSS 0.01905
Exploits: 0 | References: 15 | Affected Software: 5

Kitploit
added 2021/03/08 11:30 a.m., 26 views

Sub404 - A Python Tool To Check Subdomain Takeover Vulnerability

Sub 404 is a tool written in python which is used to check possibility of subdomain takeover vulnerability and it is fast as it is Asynchronous. Why During recon process you might get a lot of subdomains e.g. more than 10k. It is not possible to test each manually or with traditional requests or...

AI score 7.3
Exploits: 0 | References: 6

Tenable Nessus
added 2021/03/08 12:0 a.m., 36 views

Fedora 33 : python-aiohttp (2021-673b10ed77)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-673b10ed77 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect...

CVSS 6.1 | AI score 7 | EPSS 0.01905
Exploits: 0 | References: 2

OpenVAS
added 2021/03/08 12:0 a.m., 25 views

Fedora: Security Advisory for python-aiohttp (FEDORA-2021-673b10ed77)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.1 | AI score 6.4 | EPSS 0.01905
Exploits: 0 | References: 2

Fedora
added 2021/03/07 1:53 p.m., 53 views

[SECURITY] Fedora 33 Update: python-aiohttp-3.7.4-1.fc33

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

CVSS 6.1 | AI score 1.5 | EPSS 0.01905
Exploits: 0

RedhatCVE
added 2021/03/02 5:3 p.m., 30 views

CVE-2021-21330

An open redirect flaw was found in python-aiohttp. This flaw allows a remote, unauthenticated attacker to trick users into visiting a malicious webpage, disguised as a legitimate webpage and affects applications using the normalize_path_middleware functionality. The highest threat from this...

CVSS 8.2 | AI score 4.7 | EPSS 0.01905
Exploits: 0 | References: 4