
89 matches found

OSV
added 2024/11/18 9:15 p.m. | 1 view

DEBIAN-CVE-2024-52304

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

CVSS: 7.5 | AI score: 7 | EPSS: 0.0042
Exploits: 0 | References: 1

OSV
added 2024/11/18 9:15 p.m. | 6 views

AZL-53229 CVE-2024-52304 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.0042
Exploits: 0 | References: 1

OSV
added 2024/11/18 9:15 p.m. | 0 views

UBUNTU-CVE-2024-52304

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.0042
Exploits: 0 | References: 5

OSV
added 2024/11/18 9:02 p.m. | 0 views

GHSA-8495-4G3G-X7PR aiohttp allows request smuggling due to incorrect parsing of chunk extensions

Summary: The Python parser parses newlines in chunk extensions incorrectly, which can lead to request smuggling vulnerabilities under certain conditions. Impact: If a pure Python version of aiohttp is installed, i.e. without the usual C extensions, or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker m...

CVSS: 6.3 | AI score: 5.9 | EPSS: 0.0042
Exploits: 0 | References: 5

OSV
added 2024/11/08 3:11 p.m. | 2 views

OESA-2024-2375 python-waitress security update

Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.7+ and Python 3.5+. It is also known to run on PyPy 1.6.0+ on...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01524
Exploits: 0 | References: 2

CNNVD
added 2024/10/29 12:00 a.m. | 2 views

Waitress security vulnerability

Waitress is a production-quality, pure Python WSGI server from the Pylons project. A security vulnerability existed prior to Waitress version 3.0.1, which stemmed from the inclusion of a race condition issue...

CVSS: 9.1 | AI score: 6.1 | EPSS: 0.00572
Exploits: 0 | References: 3

Ubuntu
added 2024/09/24 8:08 a.m. | 5 views

USN-7030-1: py7zr vulnerability

It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted 7z archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host...

CVSS: 9.1 | AI score: 8.2 | EPSS: 0.25015
Exploits: 3

Vulnrichment
added 2024/07/29 9:54 p.m. | 31 views

CVE-2024-3219 Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection

The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...

CVSS: 5.1 | AI score: 6 | EPSS: 0.00063
Exploits: 0 | References: 18

Veracode
added 2024/01/24 5:56 a.m. | 35 views

Minerva Attack

ecdsa is vulnerable to the Minerva attack. The vulnerability is due to timing discrepancies within the ecdsa.SigningKey.sign_digest function, which allow attackers to deduce the private key by analyzing the time taken to generate ECDSA signatures with varying nonce sizes. The maintainers will not...

CVSS: 7.4 | AI score: 7 | EPSS: 0.00622
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2023/07/19 8:15 p.m. | 0 views

UBUNTU-CVE-2023-37276

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.06131
Exploits: 1 | References: 6

Fedora
added 2022/11/10 10:45 p.m. | 37 views

[SECURITY] Fedora 37 Update: python-mistune-2.0.4-1.fc37

The fastest markdown parser in pure Python, inspired by marked...

CVSS: 7.5 | AI score: 3.7 | EPSS: 0.00518
Exploits: 0

Kitploit
added 2021/12/02 11:30 a.m. | 70 views

Kerberoast - Kerberoast Attack -Pure Python-

Kerberos attack toolkit -pure python- Install: pip3 install kerberoast Prerequisites: Python 3.6 See requirements.txt For the impatient IMPORTANT: the accepted target url formats for LDAP and Kerberos are the following : +://:@/?= : +://:@/?= Steps -with SSPI-: kerberoast auto Steps -SSPI not...

AI score: 7.5
Exploits: 0 | References: 1

OSV
added 2021/11/09 8:26 a.m. | 31 views

ALSA-2021:4161 Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: python-jinja2: ReDoS vulnerability due to the sub-pattern CVE-2020-28493 For...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00207
Exploits: 1 | References: 2

OpenVAS
added 2021/10/02 12:00 a.m. | 19 views

Fedora: Security Advisory for python-rsa (FEDORA-2021-c1fef03e71)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.00144
Exploits: 1 | References: 2

Fedora
added 2021/09/24 8:55 p.m. | 40 views

[SECURITY] Fedora 35 Update: python-rsa-4.7.2-1.fc35

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS1 version 1.5. It can be used as a Python library as well as on the command-line...

CVSS: 7.5 | AI score: 3.2 | EPSS: 0.00144
Exploits: 1

UbuntuCve
added 2020/11/12 2:15 p.m. | 32 views

CVE-2020-25658

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00144
Exploits: 1 | References: 3

Ubuntu
added 2020/09/23 4:48 p.m. | 48 views

USN-4535-1: RDFLib vulnerability

Gabriel Corona discovered that RDFLib did not properly load modules on the command-line. An attacker could possibly use this issue to cause RDFLib to execute arbitrary code. CVE-2019-7653...

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.00785
Exploits: 1

Ubuntu
added 2020/08/31 5:48 p.m. | 63 views

USN-4478-1: Python-RSA vulnerability

It was discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issue to obtain sensitive information...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00098
Exploits: 1

Fedora
added 2020/07/13 1:39 a.m. | 23 views

[SECURITY] Fedora 31 Update: python-rsa-3.4.2-15.fc31

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS1 version 1.5. It can be used as a Python library as well as on the command-line...

CVSS: 7.5 | AI score: 3.2 | EPSS: 0.00098
Exploits: 1

Github Security Blog
added 2019/12/02 6:15 p.m. | 79 views

Duplicate Advisory: possible DoS caused by malformed signature decoding in Pure-Python ECDSA

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pwfw-mgfj-7g3g. This link is maintained to preserve external references...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00076
Exploits: 0 | References: 8 | Affected Software: 1