Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-8781

Malware in sbrugna...

5.5CVSS6.8AI score0.0206EPSS
Exploits1References18
RedHat Linux
RedHat Linux
added 2025/10/02 11:58 a.m.13 views

netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline LF characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same...

7.5CVSS7.1AI score0.00631EPSS
Exploits1References11
OSV
OSV
added 2025/01/17 2:7 p.m.5 views

OESA-2025-1046 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain...

7.5CVSS7.2AI score0.00576EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/11/20 3:49 a.m.6 views

SUSE CVE-2024-52304

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

5.3CVSS9.7AI score0.00576EPSS
Exploits0References5
OSV
OSV
added 2024/11/18 9:15 p.m.7 views

AZL-53232 CVE-2024-52304 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

7.5CVSS7.3AI score0.00576EPSS
Exploits0References1
OSV
OSV
added 2024/11/18 9:15 p.m.1 views

DEBIAN-CVE-2024-52304

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

7.5CVSS7AI score0.00576EPSS
Exploits0References1
OSV
OSV
added 2024/11/18 9:15 p.m.12 views

UBUNTU-CVE-2024-52304

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

7.5CVSS7.2AI score0.00576EPSS
Exploits0References5
Snyk
Snyk
added 2024/11/18 9:2 p.m.3 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to incorrect parsing of newlines in chunk extensions via the feeddata function. An attacker can bypass firewall or proxy protections by sending specially crafted requests. Note: Exploiting this vulnerability i...

8.2CVSS7AI score0.00576EPSS
Exploits0References2
OSV
OSV
added 2016/09/20 2:15 p.m.2 views

DEBIAN-CVE-2015-8925

The readline function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service invalid read via a crafted mtree file, related to newline parsing...

5.5CVSS8.3AI score0.0206EPSS
Exploits1References1
NVD
NVD
added 2016/09/20 2:15 p.m.19 views

CVE-2015-8925

The readline function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service invalid read via a crafted mtree file, related to newline parsing...

5.5CVSS6AI score0.0206EPSS
Exploits1References11
Prion
Prion
added 2016/09/20 2:15 p.m.19 views

Design/Logic Flaw

The readline function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service invalid read via a crafted mtree file, related to newline parsing...

4.3CVSS6.8AI score0.0206EPSS
Exploits1References11Affected Software5
CVE
CVE
added 2016/09/20 2:0 p.m.88 views

CVE-2015-8925

CVE-2015-8925 affects libarchive (before 3.2.0). A denial of service can be triggered by processing a crafted mtree file due to an invalid memory read in read_mtree. Affected products include libarchive in various distributions; remediation is to upgrade to a fixed libarchive version as provided ...

5.5CVSS6.2AI score0.0206EPSS
Exploits1References11Affected Software1
Cvelist
Cvelist
added 2016/09/20 2:0 p.m.31 views

CVE-2015-8925

The readline function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service invalid read via a crafted mtree file, related to newline parsing...

6AI score0.0206EPSS
Exploits1References11
Debian CVE
Debian CVE
added 2016/09/20 2:0 p.m.23 views

CVE-2015-8925

The readline function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service invalid read via a crafted mtree file, related to newline parsing...

5.5CVSS6.2AI score0.0206EPSS
Exploits1
OSV
OSV
added 2015/12/31 12:0 a.m.5 views

UBUNTU-CVE-2015-8925

The readline function in archivereadsupportformatmtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service invalid read via a crafted mtree file, related to newline parsing...

5.5CVSS6.8AI score0.0206EPSS
Exploits1References3
Rows per page
Query Builder