Lucene search
K

244 matches found

Fedora
Fedora
added 2024/11/28 2:45 a.m.20 views

[SECURITY] Fedora 40 Update: python-aiohttp-3.9.5-2.fc40

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

7.5CVSS6.6AI score0.00576EPSS
Exploits0
NVD
NVD
added 2024/11/18 9:15 p.m.22 views

CVE-2024-52304

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

7.5CVSS0.00576EPSS
Exploits0References3
NVD
NVD
added 2024/11/18 8:15 p.m.13 views

CVE-2024-52303

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...

8.7CVSS0.00563EPSS
Exploits0References2
CVE
CVE
added 2024/11/18 8:12 p.m.3091 views

CVE-2024-52304

CVE-2024-52304 – aiohttp request-smuggling vulnerability : Prior to 3.10.11, aiohttp’s Python parser mishandled newlines in chunk extensions, enabling a request-smuggling condition under certain scenarios. If a pure-Python build (no C extensions) or AIOHTTP_NO_EXTENSIONS is used, an attacker coul...

7.5CVSS7AI score0.00576EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/18 8:12 p.m.14 views

CVE-2024-52304 aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

6.3CVSS7.2AI score0.00576EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/18 8:12 p.m.24 views

CVE-2024-52304 aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

6.3CVSS0.00576EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/11/18 8:8 p.m.9 views

CVE-2024-52303

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...

8.7CVSS7.6AI score0.00563EPSS
Exploits0
OSV
OSV
added 2024/11/18 8:8 p.m.17 views

CVE-2024-52303 aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...

8.7CVSS7.6AI score0.00563EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/10/31 12:0 a.m.6 views

The vulnerability of the _asyncio._swap_current_task component in the Python interpreter allows a attacker to access confidential information.

The vulnerability of the asyncio.swapcurrenttask function in the Python interpreter is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential information...

5.3CVSS6.2AI score0.01493EPSS
Exploits1References8Affected Software2
Fedora
Fedora
added 2024/10/26 3:3 a.m.26 views

[SECURITY] Fedora 41 Update: python-starlette-0.40.0-1.fc41

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: =E2=80=A2 A lightweight, low-complexity HTTP web framework. =E2=80=A2 WebSocket support. =E2=80=A2 In-process background tasks. =E2=80=...

8.7CVSS3.9AI score0.00658EPSS
Exploits0
Fedora
Fedora
added 2024/10/24 1:28 a.m.15 views

[SECURITY] Fedora 40 Update: python-starlette-0.40.0-1.fc40

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: =E2=80=A2 A lightweight, low-complexity HTTP web framework. =E2=80=A2 WebSocket support. =E2=80=A2 In-process background tasks. =E2=80=...

8.7CVSS3.9AI score0.00658EPSS
Exploits0
Ubuntu
Ubuntu
added 2024/09/05 8:33 p.m.61 views

USN-6991-1: AIOHTTP vulnerability

It was discovered that AIOHTTP did not properly restrict file access when the 'followsymlinks' option was set to True. A remote attacker could possibly use this issue to access unauthorized files on the system...

7.5CVSS7.3AI score0.76875EPSS
Exploits15
Debian CVE
Debian CVE
added 2024/08/09 5:25 p.m.20 views

CVE-2024-42367

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

4.8CVSS6.5AI score0.00645EPSS
Exploits0
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.22 views

Fedora: Security Advisory (FEDORA-2024-e0057e6044)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.6AI score0.00666EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.23 views

Fedora: Security Advisory for python-aiohttp (FEDORA-2024-f34786d26f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.3AI score0.00666EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.16 views

Fedora: Security Advisory for python-aiohttp (FEDORA-2024-2f15e6e876)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.8AI score0.01155EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.23 views

Fedora: Security Advisory for python-aiohttp (FEDORA-2024-f83b123d63)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.8AI score0.01155EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.16 views

Fedora: Security Advisory for python-aiohttp (FEDORA-2024-000a25f3fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.6AI score0.00666EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/05/18 7:15 p.m.18 views

CVE-2024-34083

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...

5.4CVSS6.1AI score0.00228EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/18 6:12 p.m.11 views

CVE-2024-34083 STARTTLS unencrypted commands injection

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...

5.4CVSS6.8AI score0.00228EPSS
Exploits0References3
Rows per page
Query Builder