121 matches found

OSV
added 2024/05/02 2:15 p.m. · 1 views

AZL-43369 CVE-2024-30251 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

CVSS 7.5 · AI score 6.6 · EPSS 0.0034
Exploits 0 · References 1
Vulnrichment
added 2024/05/02 1:55 p.m. · 23 views

CVE-2024-30251 Denial of service when trying to parse malformed POST requests in aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

CVSS 7.5 · AI score 7.4 · EPSS 0.0034
Exploits 0 · References 5
OSV
added 2024/05/02 1:55 p.m. · 36 views

CVE-2024-30251 Denial of service when trying to parse malformed POST requests in aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

CVSS 7.5 · AI score 6.3 · EPSS 0.0034
Exploits 0 · References 8
Debian CVE
added 2024/05/02 1:55 p.m. · 37 views

CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

CVSS 7.5 · AI score 6.3 · EPSS 0.0034
Exploits 0
SUSE CVE
added 2024/04/19 2:18 a.m. · 1 views

SUSE CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server, e.g. nginx, for serving static files. Users following th...

CVSS 6.1 · AI score 8.2 · EPSS 0.00709
Exploits 0 · References 5
OSV
added 2024/04/18 3:15 p.m. · 0 views

UBUNTU-CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server, e.g. nginx, for serving static files. Users following th...

CVSS 6.1 · AI score 6.8 · EPSS 0.00709
Exploits 0 · References 7
Redhat CVE
added 2024/04/11 11:05 a.m. · 39 views

CVE-2024-21509

A prototype pollution vulnerability was found in mysql2. Insecure results in object creation and improper user input sanitization can lead to prototype poisoning. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Securit...

CVSS 6.5 · AI score 6.2 · EPSS 0.00765
Exploits 1 · References 6
NVD
added 2024/04/11 5:15 a.m. · 13 views

CVE-2024-21508

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values...

CVSS 9.8 · AI score 9.8 · EPSS 0.46188
Exploits 0 · References 6
CNNVD
added 2024/04/07 12:00 a.m. · 2 views

QKSMS security vulnerability

QKSMS is an open source alternative to the Stock Messaging application on Android by Moez Bhatti (Personal Developer). A security vulnerability exists in QKSMS 3.9.4 and earlier versions, which stems from a security flaw in the file androidmanifest.xml of the component Backup File Handler...

CVSS 2.4 · AI score 4.2 · EPSS 0.00027
Exploits 0 · References 5
OSV
added 2024/03/06 10:53 a.m. · 26 views

BIT-HELM-2022-36055 Denial of service in Helm

Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. The strvals package contains a parser that turns strings in to Go...

CVSS 6.5 · AI score 6.8 · EPSS 0.00089
Exploits 0 · References 3
OpenVAS
added 2024/03/04 12:00 a.m. · 14 views

openSUSE: Security Advisory for maven, maven (SUSE-SU-2023:4527-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.1 · AI score 5.8 · EPSS 0.00029
Exploits 1 · References 2
OSV
added 2023/08/31 6:15 a.m. · 0 views

CVE-2023-2353

The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chpabdaction function in versions up to, and including, 3.9.4. This makes it possible for subscriber-level attackers to change or reset plugin...

CVSS 4.3 · AI score 7.2
Exploits 0 · References 4
NVD
added 2023/08/31 6:15 a.m. · 8 views

CVE-2023-2353

The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chpabdaction function in versions up to, and including, 3.9.4. This makes it possible for subscriber-level attackers to change or reset plugin...

CVSS 4.3 · AI score 4.4 · EPSS 0.00121
Exploits 0 · References 4
ATTACKERKB
added 2023/08/31 6:15 a.m. · 1 views

CVE-2023-2353

The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chpabdaction function in versions up to, and including, 3.9.4. This makes it possible for subscriber-level attackers to change or reset plugin...

CVSS 5.4 · AI score 6.6 · EPSS 0.00121
Exploits 0 · References 5
ATTACKERKB
added 2023/08/31 6:15 a.m. · 0 views

CVE-2023-2352

The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. This is due to missing or incorrect nonce validation on the chpabdaction function. This makes it possible for unauthenticated attackers to update or reset plugin...

CVSS 4.3 · AI score 6.6 · EPSS 0.00163
Exploits 0 · References 5
OSV
added 2023/08/31 6:15 a.m. · 0 views

CVE-2023-2354

The CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings reachable through an AJAX action in versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 5.4 · AI score 7.4
Exploits 0 · References 4
ATTACKERKB
added 2023/08/31 6:15 a.m. · 1 views

CVE-2023-2354

The CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings reachable through an AJAX action in versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 5.4 · AI score 7 · EPSS 0.00169
Exploits 0 · References 5
Positive Technologies
added 2023/08/31 12:00 a.m. · 1 views

PT-2023-19014 · WordPress · Chp Ads Block Detector

Name of the Vulnerable Software and Affected Versions: CHP Ads Block Detector plugin for WordPress versions up to, and including, 3.9.4. Description: The issue allows unauthorized updates and resets of plugin settings due to a missing capability check on the chp abd action function. This enables...

CVSS 4.3 · AI score 5.5 · EPSS 0.00121
Exploits 0 · References 6
ATTACKERKB
added 2023/08/01 2:15 p.m. · 0 views

CVE-2023-39109

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the patha parameter in the doDiff function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

CVSS 8.8 · AI score 7.5 · EPSS 0.78455
Exploits 1 · References 3
ATTACKERKB
added 2023/08/01 2:15 p.m. · 0 views

CVE-2023-39108

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the pathb parameter in the doDiff function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

CVSS 8.8 · AI score 7.5 · EPSS 0.78455
Exploits 1 · References 3