Lucene search
K

348 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.6 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : AIOHTTP vulnerabilities (USN-8032-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8032-1 advisory. Charles Chan discovered that AIOHTTP incorrectly handled the decompression of compressed requests. A remote...

8.7CVSS5.8AI score0.00487EPSS
Exploits0References8
Ubuntu
Ubuntu
added 2026/02/13 3:52 a.m.6 views

USN-8032-1: AIOHTTP vulnerabilities

Charles Chan discovered that AIOHTTP incorrectly handled the decompression of compressed requests. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 25.10. CVE-2025-69223 Thomas Rinsma discovered that AIOHTTP incorrectly handled...

8.7CVSS7.3AI score0.00487EPSS
Exploits0
OSV
OSV
added 2026/02/13 3:52 a.m.9 views

USN-8032-1 python-aiohttp vulnerabilities

Charles Chan discovered that AIOHTTP incorrectly handled the decompression of compressed requests. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 25.10. CVE-2025-69223 Thomas Rinsma discovered that AIOHTTP incorrectly handled...

8.7CVSS5.8AI score0.00487EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/10 4:38 p.m.11 views

Security Bulletin: Starlette FileResponse Range Header Parsing DoS Vulnerability, affects watsonx.data

Summary Starlette versions 0.39.0–0.49.0 allow unauthenticated attackers to cause CPU exhaustion by sending crafted HTTP Range headers to file-serving endpoints. The issue is fixed in version 0.49.1. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-62727 DESCRIPTION: Starlette i...

7.5CVSS5.6AI score0.00638EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/06 7:0 p.m.9 views

[actix-files] Panic triggered by empty Range header in GET request for static file

Summary A GET request for a static file served by actix-files with an empty Range header triggers a panic. With panic = "abort", a remote user may crash the process on-demand. Details actix-files assumes that HttpRange::parse, when Ok, always returns a vector with at least one element. When parse...

5.6AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/06 7:0 p.m.6 views

GHSA-GCQF-3G44-VC9P [actix-files] Panic triggered by empty Range header in GET request for static file

Summary A GET request for a static file served by actix-files with an empty Range header triggers a panic. With panic = "abort", a remote user may crash the process on-demand. Details actix-files assumes that HttpRange::parse, when Ok, always returns a vector with at least one element. When parse...

6.9CVSS5.6AI score
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/06 12:0 a.m.9 views

[actix-files] Panic triggered by empty Range header in GET request for static file

A GET request for a static file served by actix-files with an empty Range header triggers a panic. With panic = "abort", a remote user may crash the process on-demand...

5.9AI score
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 1:44 p.m.14 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.311 Vulnerability Details CVEID:CVE-2025-4878 DESCRIPTION: A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function...

8.6CVSS7AI score0.02394EPSS
Exploits4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : pcs-0.10.18-2.el8_10.ML.1 (AXSA:2024-8447:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8447:02 advisory. rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing CVE-2024-25126 rubygem-rack: Possible DoS Vulnerability with Range Header...

7.5CVSS8AI score0.35376EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : squid:4 (AXSA:2021-2820:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2820:01 advisory. squid: denial of service in URN processing CVE-2021-28651 squid: denial of service issue in Cache Manager CVE-2021-28652 squid: denial of service in...

7.5CVSS5.7AI score0.95785EPSS
Exploits5References8
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : pcs-0.11.7-2.el9_4.ML.1 (AXSA:2024-8111:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8111:01 advisory. rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing CVE-2024-25126 rubygem-rack: Possible DoS Vulnerability with Range Header...

7.5CVSS8AI score0.35376EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 9 : libsoup-2.72.0-10.el9_6.1 (AXSA:2025-10579:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10579:11 advisory. libsoup: Integer overflow in appendparamquoted CVE-2025-32050 libsoup: Heap buffer overflow in sniffunknown CVE-2025-32052 libsoup: Heap buffer...

9CVSS7.1AI score0.00847EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/01/07 12:24 a.m.2 views

SUSE CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

5.3CVSS6.5AI score0.00236EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/06 7:28 a.m.6 views

CVE-2025-69225

A flaw was found in aiohttp, an asynchronous HTTP client/server framework. The parser logic allows non-ASCII decimal characters in the HTTP Range header. This could potentially enable a remote attacker to exploit a request smuggling vulnerability, leading to the bypass of security controls or...

6.9CVSS6.2AI score0.00236EPSS
Exploits0References5
NVD
NVD
added 2026/01/06 12:15 a.m.9 views

CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS0.00236EPSS
Exploits0References2
OSV
OSV
added 2026/01/06 12:15 a.m.10 views

AZL-73523 CVE-2025-69225 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS5.7AI score0.00236EPSS
Exploits0References1
OSV
OSV
added 2026/01/06 12:15 a.m.4 views

DEBIAN-CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

5.3CVSS7.5AI score0.00236EPSS
Exploits0References1
OSV
OSV
added 2026/01/06 12:15 a.m.11 views

AZL-73500 CVE-2025-69225 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS5.7AI score0.00236EPSS
Exploits0References1
OSV
OSV
added 2026/01/06 12:15 a.m.5 views

UBUNTU-CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS6.3AI score0.00236EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.3 views

aiohttp 环境问题漏洞

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs. An environment issue vulnerability exists in aiohttp 3.13.2 and earlier versions, which stems from the presence of non-ASCII decimal numbers allowed in the Range header, which could lead to a...

6.9CVSS6.3AI score0.00236EPSS
Exploits0References1
Rows per page
Query Builder