245 matches found
CVE-2024-34083 STARTTLS unencrypted commands injection
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083 STARTTLS unencrypted commands injection
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083 STARTTLS unencrypted commands injection
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083
CVE-2024-34083 affects aiosmtpd (Python SMTP server) prior to 1.4.6. The issue allows a MITM-style scenario where servers accept extra unencrypted commands after STARTTLS, as if from inside the encrypted channel. The vulnerability is mitigated by upgrading to aiosmtpd 1.4.6, which includes a patc...
CVE-2024-34083
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-30251
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...
CVE-2024-30251 Denial of service when trying to parse malformed POST requests in aiohttp
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...
CVE-2024-30251 Denial of service when trying to parse malformed POST requests in aiohttp
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...
CVE-2024-30251
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...
[SECURITY] Fedora 38 Update: python-aiohttp-3.9.5-1.fc38
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
[SECURITY] Fedora 39 Update: python-aiohttp-3.9.5-1.fc39
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
Fedora 39 : python-aiohttp (2024-e0057e6044)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e0057e6044 advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...
Fedora 40 : python-aiohttp / python-openapi-core (2024-000a25f3fc)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-000a25f3fc advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...
Fedora 40 : python-aiohttp / python-pysqueezebox / python-wled (2023-d5bd6b62e4)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-d5bd6b62e4 advisory. Security fix for CVE-2023-49081, CVE-2023-49082. Update python-aiohttp to 3.9.1. Patch python-pysqeezebox and python-wled so they do not have an...
[SECURITY] Fedora 38 Update: python-aiohttp-3.9.3-3.fc38
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
[SECURITY] Fedora 39 Update: python-aiohttp-3.9.3-3.fc39
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
CVE-2024-27306
A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. When using "web.static..., showindex=True", the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to...
CVE-2024-27306
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...
CVE-2024-27306 aiohttp vulnerable to XSS on index pages for static file handling
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...
CVE-2024-27306 aiohttp vulnerable to XSS on index pages for static file handling
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...