Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-42367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which...

4.8CVSS6.8AI score0.00645EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/26 6:47 p.m.9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in aiohttp

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of aiohttp Vulnerability Details CVEID:CVE-2024-42367 DESCRIPTION: aio-libs aiohttp ould allow a remote attacker to traverse directories on the system, caused by improper archive file validation. An attacker could use a...

4.8CVSS5AI score0.00645EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/09 8:21 a.m.13 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses aiohttp-3.9.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses aiohttp-3.9.5-cp39-cp39-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to this CVE-2024-42367 Vulnerability Details CVEID:CVE-2024-42367 DESCRIPTION: aio-libs aiohttp ould allow a remote...

4.8CVSS4.9AI score0.00645EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/09 8:14 a.m.15 views

Security Bulletin: IBM Maximo Application Suite - AI Broker component usesaiohttp-3.9.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker component usesaiohttp-3.9.5-cp311-cp311-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to this CVE-2024-42367. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

4.8CVSS4.8AI score0.00645EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2024/09/06 12:0 a.m.20 views

openSUSE Security Advisory (SUSE-SU-2024:3110-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.8CVSS6.8AI score0.00645EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/09/04 12:0 a.m.18 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:3110-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3110-1 advisory. - CVE-2024-42367: Fixed path traversal outside the root directory when requests involve compressed files ...

4.8CVSS6.7AI score0.00645EPSS
Exploits0References4
OSV
OSV
added 2024/09/03 3:2 p.m.20 views

SUSE-SU-2024:3110-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2024-42367: Fixed path traversal outside the root directory when requests involve compressed files as symbolic links bsc1229226...

4.8CVSS5.3AI score0.00645EPSS
Exploits0References3
Chainguard
Chainguard
added 2024/08/12 1:38 p.m.15 views

CVE-2024-42367 vulnerabilities

Vulnerabilities for packages: py3-cassandra-medusa, request-1276, airflow, nemo, kserve, dask-gateway, checkov...

4.8CVSS6.7AI score0.00645EPSS
Exploits0
Wolfi
Wolfi
added 2024/08/12 1:38 p.m.46 views

CVE-2024-42367 vulnerabilities

Vulnerabilities for packages: py3-cassandra-medusa, checkov, airflow, kserve, dask-gateway...

4.8CVSS6.7AI score0.00645EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/08/09 5:25 p.m.23 views

CVE-2024-42367

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

4.8CVSS6.5AI score0.00645EPSS
Exploits0
Cvelist
Cvelist
added 2024/08/09 5:25 p.m.37 views

CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

4.8CVSS0.00645EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2024/08/09 4:49 p.m.8 views

acapy-agent (>=1.1.0 <=1.1.0rc1), acapy-agent-jamie-testing (=1.0.1) +248 more potentially affected by CVE-2024-42367 via aiohttp (>=3.10.0rc0 <=3.10.11)

aiohttp PYPI version =3.10.0rc0, =1.1.0, =0.0.7.1, =4.8.2, =1.0.1, =0.61.0, =0.60.2, =0.2.1, =0.9.0, =0.0.1, =3.11.0, =0.1.0, =0.1.5 and more Source cves: CVE-2024-42367 Source advisory: OSV:GHSA-JWHX-XCG6-8XHJ...

4.8CVSS6.6AI score0.00645EPSS
Exploits0
Rows per page
Query Builder