
1128 matches found

RedHat Linux
added 2024/03/27 1:22 p.m. | 45 views

Moderate: Red Hat Security Advisory: Satellite 6.14.3 Async Security Update

An update is now available for Red Hat Satellite 6.14 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.5 CVSS | 6.8 AI score | 0.93664 EPSS
Exploits 19 | References 23
RedHat Linux
added 2024/03/27 1:22 p.m. | 3 views

python-aiohttp: http request smuggling

An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of...

6.5 CVSS | 7.1 AI score | 0.00475 EPSS
Exploits 1 | References 5
RedHat Linux
added 2024/03/27 1:22 p.m. | 0 views

aiohttp: HTTP request modification

A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts...

7.2 CVSS | 7.2 AI score | 0.00457 EPSS
Exploits 1 | References 5
Hive Pro Threat Advisories
added 2024/03/27 5:12 a.m. | 33 views

Attacks, Vulnerabilities and Actors 18 to 24 March 2024

For a detailed threat digest, download the pdf file here. Summary: HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of fifteen attacks were executed, eight vulnerabilities were uncovered, and five active adversaries...

7.5 CVSS | 7.6 AI score | 0.93664 EPSS
Exploits 39
Hive Pro Threat Advisories
added 2024/03/21 6:35 a.m. | 11 views

Aiohttp Vulnerability Leveraged by ShadowSyndicate

Summary: The cybercriminal group ShadowSyndicate has been detected scanning for vulnerable servers, aiming to exploit a recently addressed vulnerability in the widely-used Aiohttp library. This exploit, if successful, could lead to unauthorized access to sensitive data on servers globally, posing...

7 AI score
Exploits 0
BDU FSTEC
added 2024/03/20 12:0 a.m. | 1 views

The vulnerability of the aiohttp HTTP client, related to deficiencies in handling headers like Content-Length and Transfer-Encoding, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the aiohttp HTTP client is related to deficiencies in handling headers such as Content-Length and Transfer-Encoding. Exploiting this vulnerability allows an attacker to send hidden HTTP requests remotely (HTTP Request Smuggling attack)...

6.5 CVSS | 6.3 AI score | 0.00457 EPSS
Exploits 4 | References 4 | Affected Software 2
BDU FSTEC
added 2024/03/20 12:0 a.m. | 1 views

The vulnerability of the aiohttp HTTP client, related to deficiencies in handling HTTP request headers, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the aiohttp HTTP client is related to deficiencies in the handling of HTTP request headers. Exploiting this vulnerability allows an attacker to send hidden HTTP requests remotely (HTTP Request Smuggling attack)...

7.8 CVSS | 6.5 AI score | 0.00457 EPSS
Exploits 3 | References 7 | Affected Software 3
GithubExploit
added 2024/03/19 4:28 p.m. | 611 views

Exploit for Path Traversal in Aiohttp

CVE-2024-23334 PoC Description This repository contains a...

7.5 CVSS | 7.5 AI score | 0.93664 EPSS
Exploits 15
GithubExploit
added 2024/03/18 8:39 p.m. | 433 views

Exploit for Path Traversal in Aiohttp

CVE-2024-23334-PoC A proof of concept of the path traversal vu...

7.5 CVSS | 6.9 AI score | 0.93664 EPSS
Exploits 15
Redos
added 2024/03/18 12:0 a.m. | 36 views

ROS-20240318-01

An aiohttp HTTP client vulnerability exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to modify an HTTP request or create a new HTTP request. The aiohttp HTTP client vulnerability is related to code analyzer errors when the header is...

7.5 CVSS | 5.8 AI score | 0.06131 EPSS
Exploits 5
Redos
added 2024/03/13 12:0 a.m. | 23 views

ROS-2-1162

2.1162 Open redirect in aiohttp CVE-2021-21330 1. Vulnerability Description: Vulnerability allows cross-site scripting and bypass of security restrictions. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01528 2. Possible measures to eliminate the...

6.1 CVSS | 6.8 AI score | 0.00494 EPSS
Exploits 0
Tenable Nessus
added 2024/03/08 12:0 a.m. | 123 views

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Important) (RHSA-2024:1057)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1057 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

8.1 CVSS | 7.1 AI score | 0.01394 EPSS
Exploits 4 | References 20
OpenVAS
added 2024/03/04 12:0 a.m. | 23 views

openSUSE Security Advisory (SUSE-SU-2024:0034-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2 CVSS | 6.3 AI score | 0.00457 EPSS
Exploits 1 | References 4
OpenVAS
added 2024/03/04 12:0 a.m. | 23 views

openSUSE Security Advisory (SUSE-SU-2024:0033-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2 CVSS | 6.3 AI score | 0.00457 EPSS
Exploits 1 | References 4
RedHat Linux
added 2024/02/29 7:47 p.m. | 2 views

aiohttp: CRLF injection if user controls the HTTP method using aiohttp client

A flaw was found in Aiohttp. This issue may allow an attacker to send a crafted HTTP request to the server and smuggle arbitrary HTTP headers due to improper validation of HTTP requests during the processing of the HTTP request method. By exploiting this flaw, an attacker can manipulate HTTP...

5.3 CVSS | 7.2 AI score | 0.00221 EPSS
Exploits 1 | References 5
RedHat Linux
added 2024/02/29 7:47 p.m. | 1 views

aiohttp: HTTP request modification

A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts...

7.2 CVSS | 7.2 AI score | 0.00457 EPSS
Exploits 1 | References 5
RedHat Linux
added 2024/02/29 7:47 p.m. | 0 views

python-aiohttp: numerous issues in HTTP parser with header parsing

An HTTP request smuggling vulnerability was found in aiohttp. Numerous issues with HTTP parsing can allow an attacker to smuggle HTTP requests...

7.5 CVSS | 7.1 AI score | 0.00239 EPSS
Exploits 1 | References 5
GithubExploit
added 2024/02/28 10:30 p.m. | 489 views

Exploit for Path Traversal in Aiohttp

CVE-2024-23334 :; Review of someone else's exploit. Review an exploit publis...

7.5 CVSS | 7.6 AI score | 0.93664 EPSS
Exploits 15
Tenable Nessus
added 2024/02/22 12:0 a.m. | 37 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp, python-time-machine (SUSE-SU-2024:0577-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0577-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parse...

7.5 CVSS | 7.5 AI score | 0.93664 EPSS
Exploits 18 | References 14
OpenVAS
added 2024/02/22 12:0 a.m. | 27 views

SUSE: Security Advisory (SUSE-SU-2024:0577-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 6.2 AI score | 0.93664 EPSS
Exploits 20 | References 9