Fedora: Security Advisory for python-aiohttp (FEDORA-2023-a04cc349e1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for python-aiohttp (FEDORA-2023-1f06098c71)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2024-1235 · Oracle · Oracle Isupport

Name of the Vulnerable Software and Affected Versions: Oracle iSupport versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the Internal Operations component of Oracle iSupport, part of the Oracle E-Business Suite. This allows a remote attacker to...

[SECURITY] Fedora 38 Update: python-aiohttp-3.9.1-1.fc38

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

SUSE SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2023:4909-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4909-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security...

CVE-2023-47118

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...

Exploit for CVE-2022-21907

CVE-2022-21907 Vulnerability in HTTP Protocol Stack Enabling R...

[SECURITY] Fedora 39 Update: python-aiohttp-3.8.6-1.fc39

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

[SECURITY] Fedora 38 Update: python-aiohttp-3.8.6-1.fc38

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

PT-2023-9576 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to weaknesses in the authorization mechanism of the Auctions component in Oracle Sourcing, part of the Oracle E-Business Suite. This can allow a remote...

PT-2023-9840 · Oracle · Peoplesoft Enterprise Peopletools

Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise PeopleTools versions 8.59 through 8.61 Description: The issue is related to the Portal component of Oracle PeopleSoft Enterprise PeopleTools, where the structure of web pages is not properly protected. This can be...

SUSE CVE-2023-47641

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

CVE-2023-47641

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

AZL-44538 CVE-2023-47641 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

CVE-2023-47641

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

CVE-2023-47641

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

CVE-2023-47641 Inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` in aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

GHSA-XX9P-XXVH-7G8J Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks

Impact Aiohttp has a security vulnerability regarding the inconsistent interpretation of the http protocol. As we know that HTTP/1.1 is persistent, if we have both Content-LengthCL and Transfer-EncodingTE it can lead to incorrect interpretation of two entities that parse the HTTP and we can poiso...

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...