835 matches found
EUVD-2026-34092
daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...
CVE-2026-44546
daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's par...
CVE-2026-44546
daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...
Twisted - Open Redirect & XSS
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter...
Security update for python-Twisted
This update for python-Twisted fixes the following issue CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265. Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2026:2219-1 Security update for python-Twisted
This update for python-Twisted fixes the following issue - CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265...
Security update for python3-Twisted
This update for python3-Twisted fixes the following issue CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265. Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2026:2218-1 Security update for python3-Twisted
This update for python3-Twisted fixes the following issue - CVE-2026-42304: Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression bsc1265265...
CVE-2026-42304 affecting package python-twisted for versions less than 22.10.0-5
CVE-2026-42304 affecting package python-twisted for versions less than 22.10.0-5. A patched version of the package is available...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42304)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42304 advisory. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior t...
OESA-2026-2488 python-twisted security update
Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: A denial of service vulnerability exists in Twisted framework when handling DNS compression pointer chain...
Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2026-1734)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1734 advisory. The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted...
Important: python-twisted
Issue Overview: The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasse...
OESA-2026-2370 python-twisted security update
Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: A denial of service vulnerability exists in Twisted framework when handling DNS compression pointer chain...
OESA-2026-2369 python-twisted security update
Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: A denial of service vulnerability exists in Twisted framework when handling DNS compression pointer chain...
OESA-2026-2368 python-twisted security update
Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: A denial of service vulnerability exists in Twisted framework when handling DNS compression pointer chain...
OESA-2026-2367 python-twisted security update
Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: A denial of service vulnerability exists in Twisted framework when handling DNS compression pointer chain...
Astra Linux - уязвимость в twisted
In words.protocols.jabber.xmlstream in Twisted through version 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to intercept connections...
Astra Linux - уязвимость в twisted
Twisted is an event-driven networking engine written in Python. In affected versions, Twisted exposes cookies and authorization headers when performing cross-origin redirects. This issue is present in the twited.web.RedirectAgent and twisted.web.BrowserLikeRedirectAgent functions. Users are advis...
Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
...