15 matches found
EUVD-2020-0390
Malware in sbrugna...
EUVD-2021-10095
Malware in sbrugna...
CVE-2025-52479
HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers URIs. URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10.17 allows the construction of URIs containing CR/LF characters. If user input was not otherwise...
Important: Red Hat Security Advisory: libsoup security update
An update for libsoup is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RLSA-2025:0791 Important: libsoup security update
The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict CVE-2024-52531 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...
CVE-2024-52304
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
Important: libsoup security update
The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket data CVE-2024-52532 libsoup: HTTP request smuggling via stripping null bytes from the ends of header names CVE-2024-52530 For more details about the security...
CVE-2024-42367
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
CVE-2024-27306
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...
Fedora 38 : llhttp / python-aiohttp / uxplay (2023-bc1f081ca0)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-bc1f081ca0 advisory. Security fix for CVE-2023-47627 https://pagure.io/fesco/issue/3106 python-aiohttp 3.8.6 2023-10-07...
PYSEC-2023-250
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
CVE-2023-47627
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTPNOEXTENSIONS is enabled or not using a prebuilt wheel. These bugs have...
USN-4152-1: libsoup vulnerability
It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service...
[USN-1181-1] libsoup2.4 vulnerability
========================================================================== Ubuntu Security Notice USN-1181-1 July 28, 2011 libsoup2.4 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
USN-1181-1: libsoup vulnerability
It was discovered that libsoup did not properly validate its input when processing SoupServer requests. A remote attacker could exploit this to access files via directory traversal...