SUSE SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2023:4909-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4909-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security...

CVE-2023-47118

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...

[SECURITY] Fedora 39 Update: python-aiohttp-3.8.6-1.fc39

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

[SECURITY] Fedora 38 Update: python-aiohttp-3.8.6-1.fc38

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

PT-2023-9576 · Oracle · Oracle E-Business Suite +1

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to weaknesses in the authorization mechanism of the Auctions component in Oracle Sourcing, part of the Oracle E-Business Suite. This can allow a remote...

SUSE CVE-2023-47641

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

CVE-2023-47641

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

AZL-44538 CVE-2023-47641 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

CVE-2023-47641

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

CVE-2023-47641

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

CVE-2023-47641 Inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` in aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-LengthCL and Transfer-EncodingTE header...

GHSA-XX9P-XXVH-7G8J Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks

Impact Aiohttp has a security vulnerability regarding the inconsistent interpretation of the http protocol. As we know that HTTP/1.1 is persistent, if we have both Content-LengthCL and Transfer-EncodingTE it can lead to incorrect interpretation of two entities that parse the HTTP and we can poiso...

Important: amazon-ecr-credential-helper

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: amazon-ecr-credential-helper Note: This advisory is...

Design/Logic Flaw

The Android Client application, when enrolled with the define method 1 the user manually inserts the server ip address, use HTTP protocol to retrieve sensitive information ip address and credentials to connect to a remote MQTT broker entity instead of HTTPS and this feature is not configurable by...

CVE-2023-45321

The Android Client application, when enrolled with the define method 1 the user manually inserts the server ip address, use HTTP protocol to retrieve sensitive information ip address and credentials to connect to a remote MQTT broker entity instead of HTTPS and this feature is not configurable by...

CVE-2023-45220

The Android Client application, when enrolled with the define method 1the user manually inserts the server ip address, use HTTP protocol to retrieve sensitive information ip address and credentials to connect to a remote MQTT broker entity instead of HTTPS and this feature is not configurable by...

PT-2023-29497 · Google · Android Client

Name of the Vulnerable Software and Affected Versions: Android Client application affected versions not specified Description: The issue concerns the use of the HTTP protocol instead of HTTPS to retrieve sensitive information, including IP addresses and credentials for a remote MQTT broker entity...

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

Important: tomcat

Issue Overview: Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts...