Lucene search
+L

14 matches found

ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.8 views

PT-2026-56578

Name of the Vulnerable Software and Affected Versions AsyncSSH versions prior to 2.23.1 Description AsyncSSH is a Python package providing an asynchronous client and server implementation of the SSHv2 protocol. A malicious SSH server can write arbitrary files on the SCP client's filesystem by...

8.1CVSS6.2AI score0.00317EPSS
Exploits0References7
cvelist
cvelist
added 2026/06/22 4:40 p.m.32 views

CVE-2026-54280 AIOHTTP: Payload Response Resources Are Not Closed After Mid-Body Disconnect

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...

6.3CVSS0.00281EPSS
Exploits0References2
nessus
nessus
added 2026/06/22 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-54278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to ...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References3
nessus
nessus
added 2026/06/22 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-54280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client...

7.5CVSS5.9AI score0.00281EPSS
Exploits0References3
nessus
nessus
added 2026/06/03 12:0 a.m.26 views

Linux Distros Unpatched Vulnerability : CVE-2026-47265

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are...

8.7CVSS6.1AI score0.0015EPSS
Exploits0References3
susecve
susecve
added 2026/04/02 11:26 p.m.7 views

SUSE CVE-2026-34513

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...

3.7CVSS5.8AI score0.0044EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2026/04/01 9:16 p.m.4 views

CVE-2026-34513

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...

7.5CVSS5.8AI score0.0044EPSS
Exploits0References4
debiancve
debiancve
added 2026/04/01 8:28 p.m.7 views

CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

6.3CVSS5.2AI score0.00288EPSS
Exploits0
attackerkb
attackerkb
added 2026/04/01 8:26 p.m.6 views

CVE-2026-34519

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

6.9CVSS5.7AI score0.00292EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/01/06 12:15 a.m.5 views

UBUNTU-CVE-2025-69229

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...

8.7CVSS6.3AI score0.00338EPSS
Exploits0References6
ubuntucve
ubuntucve
added 2026/01/06 12:0 a.m.4 views

CVE-2025-69227

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

8.7CVSS7.1AI score0.00337EPSS
Exploits0References4
nessus
nessus
added 2026/01/06 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-69229

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessi...

8.7CVSS7AI score0.00338EPSS
Exploits0References3
osv
osv
added 2026/01/05 10:15 p.m.5 views

UBUNTU-CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

7.5CVSS6.3AI score0.00487EPSS
Exploits0References5
f5
f5
added 2025/02/06 8:2 p.m.11 views

K000149683: Python asyncio vulnerability CVE-2024-12254

Security Advisory Description Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodicall...

8.7CVSS7.9AI score0.0188EPSS
Exploits0
Rows per page
Query Builder