Lucene search
K

245 matches found

Cvelist
Cvelist
added 2024/05/18 6:12 p.m.36 views

CVE-2024-34083 STARTTLS unencrypted commands injection

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...

5.4CVSS5.4AI score0.00228EPSS
Exploits0References3
OSV
OSV
added 2024/05/18 6:12 p.m.13 views

CVE-2024-34083 STARTTLS unencrypted commands injection

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...

5.4CVSS5.4AI score0.00228EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/05/18 6:12 p.m.12 views

CVE-2024-34083 STARTTLS unencrypted commands injection

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...

5.4CVSS6.8AI score0.00228EPSS
Exploits0References3
CVE
CVE
added 2024/05/18 6:12 p.m.65 views

CVE-2024-34083

CVE-2024-34083 affects aiosmtpd (Python SMTP server) prior to 1.4.6. The issue allows a MITM-style scenario where servers accept extra unencrypted commands after STARTTLS, as if from inside the encrypted channel. The vulnerability is mitigated by upgrading to aiosmtpd 1.4.6, which includes a patc...

5.4CVSS6.6AI score0.00228EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/05/18 6:12 p.m.11 views

CVE-2024-34083

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...

5.4CVSS5.4AI score0.00228EPSS
Exploits0
NVD
NVD
added 2024/05/02 2:15 p.m.24 views

CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

7.5CVSS7.4AI score0.01085EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/05/02 1:55 p.m.25 views

CVE-2024-30251 Denial of service when trying to parse malformed POST requests in aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

7.5CVSS7.4AI score0.01085EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/05/02 1:55 p.m.63 views

CVE-2024-30251 Denial of service when trying to parse malformed POST requests in aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

7.5CVSS7.5AI score0.01085EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/05/02 1:55 p.m.39 views

CVE-2024-30251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...

7.5CVSS6.3AI score0.01085EPSS
Exploits0
Fedora
Fedora
added 2024/05/02 1:44 a.m.33 views

[SECURITY] Fedora 38 Update: python-aiohttp-3.9.5-1.fc38

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

6.1CVSS6.6AI score0.00666EPSS
Exploits0
Fedora
Fedora
added 2024/05/02 1:39 a.m.30 views

[SECURITY] Fedora 39 Update: python-aiohttp-3.9.5-1.fc39

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

6.1CVSS6.6AI score0.00666EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/01 12:0 a.m.32 views

Fedora 39 : python-aiohttp (2024-e0057e6044)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e0057e6044 advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...

6.1CVSS7.3AI score0.00666EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/01 12:0 a.m.35 views

Fedora 40 : python-aiohttp / python-openapi-core (2024-000a25f3fc)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-000a25f3fc advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...

6.1CVSS7.3AI score0.00666EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.37 views

Fedora 40 : python-aiohttp / python-pysqueezebox / python-wled (2023-d5bd6b62e4)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-d5bd6b62e4 advisory. Security fix for CVE-2023-49081, CVE-2023-49082. Update python-aiohttp to 3.9.1. Patch python-pysqeezebox and python-wled so they do not have an...

7.2CVSS6.5AI score0.0094EPSS
Exploits2References3
Fedora
Fedora
added 2024/04/20 2:14 a.m.27 views

[SECURITY] Fedora 38 Update: python-aiohttp-3.9.3-3.fc38

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

6.5CVSS6.6AI score0.01155EPSS
Exploits0
Fedora
Fedora
added 2024/04/20 1:3 a.m.34 views

[SECURITY] Fedora 39 Update: python-aiohttp-3.9.3-3.fc39

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

6.5CVSS6.6AI score0.01155EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/04/18 8:58 p.m.46 views

CVE-2024-27306

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. When using "web.static..., showindex=True", the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to...

6.1CVSS6AI score0.00666EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/04/18 3:15 p.m.55 views

CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

6.1CVSS6.8AI score0.00666EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/04/18 2:23 p.m.37 views

CVE-2024-27306 aiohttp vulnerable to XSS on index pages for static file handling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

6.1CVSS5.8AI score0.00666EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/04/18 2:23 p.m.34 views

CVE-2024-27306 aiohttp vulnerable to XSS on index pages for static file handling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

6.1CVSS6.1AI score0.00666EPSS
Exploits0References6
Rows per page
Query Builder