Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2135 matches found

Tenable Nessus
Tenable Nessusadded 2024/02/06 12:0 a.m.39 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2024-017)

The version of tomcat installed on the remote host is prior to 8.5.69-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2024-017 advisory. 2024-02-15: CVE-2021-30640 was added to this advisory. 2024-02-15: CVE-2021-33037 was added to this advisory. A...

6.5CVSS7.3AI score0.70951EPSS
Exploits4References8
Tenable Nessus
Tenable Nessusadded 2024/02/05 12:0 a.m.36 views

Fedora 39 : python-aiohttp (2024-f249b74f03)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f249b74f03 advisory. Security update for CVE-2024-23334 and CVE-2024-23829 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2...

7.5CVSS7.3AI score0.93602EPSS
Exploits16References3
IBM Security Bulletins
IBM Security Bulletinsadded 2024/01/31 1:40 p.m.20 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to snappy-java information disclosure vulnerabilitiy [CVE-2023-20883]

Summary Potential VMware Tanzu Spring Boot denial of service, vulnerability caused by a flaw when Spring MVC is used together with a reverse proxy cache have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details fo...

7.5CVSS8.2AI score0.0069EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVEadded 2024/01/31 2:54 a.m.1 views

SUSE CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

5.9CVSS6.8AI score0.93602EPSS
Exploits15References4
RedhatCVE
RedhatCVEadded 2024/01/30 9:21 a.m.33 views

CVE-2024-23334

A flaw was found in aiohttp. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symbolic links outside the static root directory. When...

5.9CVSS6.7AI score0.93602EPSS
Exploits15References4
NVD
NVDadded 2024/01/29 11:15 p.m.21 views

CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS6.4AI score0.93602EPSS
Exploits15References7
OSV
OSVadded 2024/01/29 11:15 p.m.3 views

AZL-43552 CVE-2024-23334 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS6.6AI score0.93602EPSS
Exploits15References1
OSV
OSVadded 2024/01/29 11:15 p.m.1 views

DEBIAN-CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS6.7AI score0.93602EPSS
Exploits15References1
UbuntuCve
UbuntuCveadded 2024/01/29 11:15 p.m.42 views

CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS6.8AI score0.93602EPSS
Exploits15References5
PyPA
PyPAadded 2024/01/29 11:15 p.m.5 views

PYSEC-2024-24

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS6.8AI score0.93602EPSS
Exploits15References5Affected Software1
Prion
Prionadded 2024/01/29 11:15 p.m.35 views

Directory traversal

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

5CVSS7.3AI score0.93602EPSS
Exploits15References5Affected Software2
OSV
OSVadded 2024/01/29 11:15 p.m.0 views

UBUNTU-CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS6.8AI score0.93602EPSS
Exploits15References6
OSV
OSVadded 2024/01/29 11:15 p.m.1 views

PYSEC-2024-24

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS5.9AI score0.93602EPSS
Exploits15References4
Cvelist
Cvelistadded 2024/01/29 10:41 p.m.25 views

CVE-2024-23334 aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

5.9CVSS7.6AI score0.93602EPSS
Exploits15References5
OSV
OSVadded 2024/01/29 10:41 p.m.44 views

CVE-2024-23334 aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

5.9CVSS6.4AI score0.93602EPSS
Exploits15References9
Debian CVE
Debian CVEadded 2024/01/29 10:41 p.m.32 views

CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS6.6AI score0.93602EPSS
Exploits15
AlpineLinux
AlpineLinuxadded 2024/01/29 10:41 p.m.28 views

CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS7.5AI score0.93602EPSS
Exploits15
Github Security Blog
Github Security Blogadded 2024/01/29 10:31 p.m.57 views

aiohttp is vulnerable to directory traversal

Summary Improperly configuring static resource resolution in aiohttp when used as a web server can result in the unauthorized reading of arbitrary files on the system. Details When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static...

7.5CVSS7.3AI score0.93602EPSS
Exploits15References11Affected Software1
RedHat Linux
RedHat Linuxadded 2024/01/29 11:46 a.m.1 views

tomcat: HTTP request smuggling via malformed trailer headers

An improper Input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a...

7.5CVSS6.8AI score0.53163EPSS
Exploits0References6
RedHat Linux
RedHat Linuxadded 2024/01/29 11:45 a.m.2 views

tomcat: HTTP request smuggling via malformed trailer headers

An improper Input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a...

7.5CVSS6.8AI score0.53163EPSS
Exploits0References6
Rows per page
Query Builder