42 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from null event access and potential PEBS record loss, which could result in the event pointer being cleared...
EUVD-2010-4725
Malware in sbrugna...
Characterizing Event-Themed Malicious Web Campaigns: A Case Study on War-Themed Websites
Cybercrimes such as online scams and fraud have become prevalent. Cybercriminals often abuse various global or regional events as themes of their fraudulent activities to breach user trust and attain a higher attack success rate. These attacks attempt to manipulate and deceive innocent people int...
CVE-2025-38055
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix segfault with PEBS-via-PT with samplefreq Currently, using PEBS-via-PT with a sample frequency instead of a sample period, causes a segfault. For example: BUG: kernel NULL pointer dereference, address:...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in perf/x86 that causes a segmentation error during PEBS-via-PT sampling frequency configuration...
Medium: python-twisted
Issue Overview: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1...
Debian dsa-5797 : python3-twisted - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5797 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5797-1 [email protected] https://www.debian.org/securit...
CVE-2024-41810
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site...
CVE-2024-41671
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1...
CVE-2024-41671 twisted.web has disordered HTTP pipeline response
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1...
DEBIAN-CVE-2024-26992
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable support for adaptive PEBS Drop support for virtualizing adaptive PEBS, as KVM's implementation is architecturally broken without an obvious/easy path forward, and because exposing adaptive PEBS can leak host...
[SECURITY] Fedora 38 Update: rust-event-manager-0.4.0-2.fc38
Abstractions for implementing event based systems...
Fedora: Security Advisory for rust-event-manager (FEDORA-2024-f2305d485f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for rust-event-manager (FEDORA-2024-04877592b7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Twisted vulnerabilities (USN-6575-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6575-1 advisory. It was discovered that Twisted incorrectly escaped host headers in certain 404 responses. A remote attacker could possibly us...
Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2023-432)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-432 advisory. Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously...
GHSA-XC8X-VP79-P3WM twisted.web has disordered HTTP pipeline response
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...
Important: python-twisted-web
Issue Overview: A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the twisted.web.http module. The illegal constructs include '+/-' in the Content-Length header, '\n and \t' etc. Non-conformant parsing leads to a desync if requests pass...
Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2023-130)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-130 advisory. Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResourc...
CVE-2022-39348
CVE-2022-39348 (Twisted) affects the Twisted event-based framework for internet applications. When the host header does not match a configured host (twisted.web.vhost.NameVirtualHost), NoResource is returned and the Host header is unescaped in the 404, enabling HTML and script injection. The issu...