48 matches found
CVE-2023-39348
creationtimestamp| type| source ---|---|--- 2023-08-29 00:17:06+00:00| seen| https://t.me/cibsecurity/69326...
CVE-2023-39348 Improper log output when using GitHub Status Notifications in spinnaker
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log...
CVE-2023-39348 Improper log output when using GitHub Status Notifications in spinnaker
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log...
Amazon Linux AMI : python-twisted-web (ALAS-2023-1717)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1717 advisory. A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the twisted.web.http module. The illegal constructs include '+/-' in the Content-Length...
Important: python-twisted-web
Issue Overview: A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the twisted.web.http module. The illegal constructs include '+/-' in the Content-Length header, '\n and \t' etc. Non-conformant parsing leads to a desync if requests pass...
Amazon Linux 2 : python-twisted-web (ALAS-2023-2008)
The version of python-twisted-web installed on the remote host is prior to 12.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2008 advisory. Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does no...
Medium: python-twisted
Issue Overview: Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowi...
Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2023-130)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-130 advisory. Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResourc...
MGASA-2023-0061 Updated python-twisted packages fix security vulnerability
When the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. CVE-2022-39348...
Updated python-twisted packages fix security vulnerability
When the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. CVE-2022-39348...
CVE-2022-39348 affecting package python-twisted for versions less than 22.10.0-2
CVE-2022-39348 affecting package python-twisted for versions less than 22.10.0-2. An upgraded version of the package is available that resolves this issue...
[SECURITY] [DLA 3212-1] twisted security update
Debian LTS Advisory DLA-3212-1 [email protected] https://www.debian.org/lts/security/ Dominik George November 28, 2022 https://wiki.debian.org/LTS Package : twisted Version : 18.9.0-3+deb10u2 CVE ID : CVE-2022-39348 Debian Bug : It was discovered that twisted, a framework for internet...
Debian dla-3212 : python-twisted - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3212 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3212-1 [email protected] https://www.debian.org/lts/security/...
SUSE: Security Advisory (SUSE-SU-2022:4074-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Twisted (SUSE-SU-2022:4057-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4057-1 advisory. - CVE-2022-39348: Fixed NameVirtualHost Host header injection bsc1204781. Tenable has extracted the...
SUSE SLES12 Security Update : python-Twisted (SUSE-SU-2022:4074-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4074-1 advisory. - CVE-2022-39348: Fixed NameVirtualHost Host header injection bsc1204781. Tenable has extracted the preceding description block...
SUSE-SU-2022:4074-1 Security update for python-Twisted
This update for python-Twisted fixes the following issues: - CVE-2022-39348: Fixed NameVirtualHost Host header injection bsc1204781...
SUSE: Security Advisory (SUSE-SU-2022:4057-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:4057-1 Security update for python-Twisted
This update for python-Twisted fixes the following issues: - CVE-2022-39348: Fixed NameVirtualHost Host header injection bsc1204781...
SUSE: Security Advisory (SUSE-SU-2022:4000-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...