CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1128 matches found

NVD•added 2024/01/29 11:15 p.m.•36 views

CVE-2024-23829

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...

6.5CVSS6.5AI score0.00475EPSS

Exploits1References6

OSV•added 2024/01/29 11:15 p.m.•1 views

DEBIAN-CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS6.7AI score0.93664EPSS

Exploits15References1

PyPA•added 2024/01/29 11:15 p.m.•4 views

PYSEC-2024-26

7.5CVSS7.3AI score0.00475EPSS

Exploits2References6Affected Software1

UbuntuCve•added 2024/01/29 11:15 p.m.•42 views

CVE-2024-23334

7.5CVSS6.8AI score0.93664EPSS

Exploits15References5

vulnersOsv•added 2024/01/29 11:15 p.m.•4 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42782 more potentially affected by CVE-2024-23829 via aiohttp (>=0.13.1 <=3.9.1)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23829 Source advisory: OSV:PYSEC-2024-26...

6.5CVSS6.4AI score0.00475EPSS

Exploits1

PyPA•added 2024/01/29 11:15 p.m.•5 views

PYSEC-2024-24

7.5CVSS6.8AI score0.93664EPSS

Exploits15References5Affected Software1

Prion•added 2024/01/29 11:15 p.m.•40 views

Security feature bypass

6.4CVSS6.6AI score0.00475EPSS

Exploits2References5Affected Software2

UbuntuCve•added 2024/01/29 11:15 p.m.•39 views

CVE-2024-23829

6.5CVSS6.7AI score0.00475EPSS

Exploits1References5

OSV•added 2024/01/29 11:15 p.m.•1 views

UBUNTU-CVE-2024-23829

6.5CVSS6.7AI score0.00475EPSS

Exploits1References6

vulnersOsv•added 2024/01/29 11:15 p.m.•2 views

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42773 more potentially affected by CVE-2024-23334 via aiohttp (>=1.0.5 <=3.9.1)

aiohttp PYPI version =1.0.5, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23334 Source advisory: OSV:PYSEC-2024-24...

7.5CVSS6.6AI score0.93664EPSS

Exploits15

Prion•added 2024/01/29 11:15 p.m.•35 views

Directory traversal

5CVSS7.3AI score0.93664EPSS

Exploits15References5Affected Software2

OSV•added 2024/01/29 11:15 p.m.•0 views

UBUNTU-CVE-2024-23334

7.5CVSS6.8AI score0.93664EPSS

Exploits15References6

OSV•added 2024/01/29 11:15 p.m.•1 views

PYSEC-2024-24

7.5CVSS5.9AI score0.93664EPSS

Exploits15References4

OSV•added 2024/01/29 11:15 p.m.•2 views

PYSEC-2024-26

6.5CVSS6.8AI score0.00475EPSS

Exploits1References4

Cvelist•added 2024/01/29 10:41 p.m.•25 views

CVE-2024-23334 aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal

5.9CVSS7.6AI score0.93664EPSS

Exploits15References5

CVE•added 2024/01/29 10:41 p.m.•485 views

CVE-2024-23334

CVE-2024-23334 affects aiohttp when used as a web server with static routes and follow_symlinks=True, where reading a file isn’t validated against the static root. The vulnerability enables directory traversal to access arbitrary files; PoC and multiple advisories reference this behavior in versi...

7.5CVSS7.2AI score0.93664EPSS

In wildExploits15References7Affected Software1