Adobe ColdFusion Input Validation Error Vulnerability
Adobe ColdFusion is server software developed by Adobe for creating and deploying Internet applications. Adobe ColdFusion is vulnerable to an input validation error vulnerability that originates from the system failing to properly process a specific input. No detailed vulnerability details are...
Adobe ColdFusion Command Injection Vulnerability
Adobe ColdFusion is server software developed by Adobe for creating and deploying Internet applications. Adobe ColdFusion suffers from a command injection vulnerability due to the system failing to properly neutralize or filter specific elements when processing certain input. An attacker could...
CVE-2024-41810
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site...
CVE-2024-41671
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1...
CVE-2024-41671 twisted.web has disordered HTTP pipeline response
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1...
CVE-2024-23644
CVE-2024-23644 affects Trillium, specifically the crates trillium-http (versions prior to 0.3.12) and trillium-client (prior to 0.5.4). The issue is improper validation of outbound header values and names, where header values/names can be constructed infallibly and may contain illegal bytes. If a...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Twisted vulnerabilities (USN-6575-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6575-1 advisory. It was discovered that Twisted incorrectly escaped host headers in certain 404 responses. A remote attacker could possibly us...
twisted.web has disordered HTTP pipeline response
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...
GHSA-XC8X-VP79-P3WM twisted.web has disordered HTTP pipeline response
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...
CVE-2023-46137
Twisted (event-based Python framework) is affected by CVE-2023-46137: before 23.10.0rc1, sending multiple HTTP requests in a single TCP packet could cause twisted.web to process them out of order, enabling an attacker-controlled endpoint to delay a response and manipulate the second response in a...
Amazon Linux AMI : python-twisted-web (ALAS-2023-1717)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1717 advisory. A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the twisted.web.http module. The illegal constructs include '+/-' in the Content-Length...
Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2023-130)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-130 advisory. Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResourc...
CVE-2022-39348 Twisted vulnerable to NameVirtualHost Host header injection
Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response, allowing HTML and scri...
CVE-2022-39348
CVE-2022-39348 (Twisted) affects the Twisted event-based framework for internet applications. When the host header does not match a configured host (twisted.web.vhost.NameVirtualHost), NoResource is returned and the Host header is unescaped in the 404, enabling HTML and script injection. The issu...
CVE-2022-21716 Buffer Overflow in Twisted
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...
CVE-2022-21716
CVE-2022-21716 affects Twisted (Python, event-driven networking framework). The issue arises in Twisted SSH client/server where, prior to 22.2.0, the peer SSH version identifier can be fed an unlimited amount of data, causing a memory-exhaustion vulnerability (buffer growth). The example of explo...
XML Entity Injection Vulnerability in UFIDA U8+ CRM Customer Relationship Management Software (CNVD-2021-55195)
formerly known as Shanghai Qitong Software Co., Ltd., is a management digital service company that integrates the development, consulting, marketing, training, implementation and service of management software and Internet applications. An XML entity injection vulnerability exists in UFIDA U8+ CR...
Important: Red Hat Security Advisory: python-twisted-web security update
An update for python-twisted-web is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2017-7818
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
The vulnerability in the `mozilla::a11y::DocAccessible::PutChildrenBack` function of Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows an attacker to trigger a service failure.
The vulnerability in the `mozilla::a11y::DocAccessible::PutChildrenBack` function of Mozilla Firefox, Firefox ESR, and the Thunderbird email client arises from an operation that goes beyond the buffer boundaries in memory when working with ARIA (Accessible Rich Internet Applications) attributes usi...