6 matches found
Azure Linux 3.0 Security Update: libarchive (CVE-2024-37407)
The version of libarchive installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37407 advisory. - Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and...
Linux Distros Unpatched Vulnerability : CVE-2023-37476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code...
DEBIAN-CVE-2023-37476
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...
AZL-44805 CVE-2021-21330 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the...
PYSEC-2021-76
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the...
GHSA-V6WP-4M6F-GCJG `aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware)
Impact Open redirect vulnerability — a maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the aiohttp.webmiddlewares.normalizepathmiddleware middleware. Patches This security problem has been fixed in v3.7.4. Upgrade...