Lucene search
K

109 matches found

Amazon
Amazon
added 2023/03/22 12:0 a.m.4 views

Medium: python-twisted

Issue Overview: Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowi...

5.4CVSS5.9AI score0.01156EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.5 views

SUSE CVE-2016-1000111

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

5.3CVSS7AI score0.02406EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.3 views

SUSE CVE-2022-39348

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and scri...

3.7CVSS7.5AI score0.01156EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2022/10/26 8:15 p.m.39 views

CVE-2022-39348

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and scri...

5.4CVSS6.5AI score0.01156EPSS
Exploits1References3
Prion
Prion
added 2022/10/26 8:15 p.m.30 views

Code injection

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and scri...

4.9CVSS5.5AI score0.01156EPSS
Exploits1References5Affected Software2
Positive Technologies
Positive Technologies
added 2022/10/26 12:0 a.m.2 views

PT-2022-7596

Name of the Vulnerable Software and Affected Versions Twisted versions 0.9.4 through 22.10.0rc1 Description The issue is related to the Twisted event-based framework for internet applications. When the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a...

5.5CVSS6.6AI score0.01156EPSS
Exploits1References65
Vulnrichment
Vulnrichment
added 2022/10/26 12:0 a.m.5 views

CVE-2022-39348 Twisted vulnerable to NameVirtualHost Host header injection

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and scri...

5.4CVSS7.1AI score0.01156EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2022/10/03 12:0 a.m.5 views

Vulnerability of functions twited.web.RedirectAgent and twisted.web.BrowserLikeRedirectAgent in the Twisted web framework, allowing attackers to access confidential data

The vulnerability of the twisted.web.RedirectAgent and twisted.web.BrowserLikeRedirectAgent functions in the Twisted web framework relates to the disclosure of cookies and authentication headers during redirects between sources. Exploiting this vulnerability allows a remote attacker to gain acces...

7.8CVSS7.2AI score0.01381EPSS
Exploits0References11Affected Software6
BDU FSTEC
BDU FSTEC
added 2022/09/28 12:0 a.m.6 views

The vulnerability of SSH clients and server-side networking frameworks like Twisted involves buffer copying without input data validation, allowing attackers to cause service failures.

The vulnerability of SSH clients and server-side networking frameworks like Twisted relates to the ability to accept an infinite number of data entries for the SSH version identifier. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

7.8CVSS7.3AI score0.03608EPSS
Exploits1References10Affected Software6
Tenable Nessus
Tenable Nessus
added 2022/07/21 12:0 a.m.52 views

Amazon Linux 2 : python-twisted-web (ALAS-2022-1827)

The version of python-twisted-web installed on the remote host is prior to 12.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1827 advisory. A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the...

8.1CVSS7.4AI score0.028EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/07/08 12:0 a.m.52 views

SUSE SLES15 Security Update : python-Twisted (SUSE-SU-2022:2297-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2297-1 advisory. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server...

7.5CVSS7.8AI score0.03608EPSS
Exploits1References4
OSV
OSV
added 2022/04/04 6:15 p.m.53 views

PYSEC-2022-195

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...

8.1CVSS0.3AI score0.028EPSS
Exploits0References4
PyPA
PyPA
added 2022/04/04 6:15 p.m.5 views

PYSEC-2022-195

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...

8.1CVSS7AI score0.028EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/04/04 5:25 p.m.37 views

CVE-2022-24801 HTTP Request Smuggling in twisted.web

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...

8.1CVSS8.3AI score0.028EPSS
Exploits0References9
OSV
OSV
added 2022/03/03 9:15 p.m.2 views

DEBIAN-CVE-2022-21716

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...

7.5CVSS7.9AI score0.03608EPSS
Exploits1References1
Prion
Prion
added 2022/03/03 9:15 p.m.22 views

Design/Logic Flaw

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...

5CVSS7.4AI score0.03608EPSS
Exploits1References9Affected Software5
OSV
OSV
added 2022/03/03 9:15 p.m.2 views

UBUNTU-CVE-2022-21716

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...

7.5CVSS7.3AI score0.03608EPSS
Exploits1References8
PyPA
PyPA
added 2022/03/03 9:15 p.m.7 views

PYSEC-2022-160

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...

7.5CVSS7AI score0.03608EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/03/03 12:0 a.m.10 views

CVE-2022-21716 Buffer Overflow in Twisted

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...

7.5CVSS7.5AI score0.03608EPSS
Exploits1References9
Microsoft CVE
Microsoft CVE
added 2022/02/15 8:0 a.m.4 views

Cookie and header exposure in twisted

...

7.5CVSS7.5AI score0.01381EPSS
Exploits0
Rows per page
Query Builder