Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
twisted vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-46137
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled b...
Twistedmatrix Twisted
2 Github repositories
NA
CVE-2023-32682
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for...
Matrix Synapse
NA
CVE-2023-32683
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addres...
Matrix Synapse
NA
CVE-2022-39348
Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response a...
Twistedmatrix Twisted
Debian Debian Linux 10.0
NA
CVE-2022-36436
OSU Open Source Lab VNCAuthProxy up to and including 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a ...
Osuosl Twisted Vnc Authentication Proxy
1 Github repository
605
VMScore
CVE-2022-24801
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non...
Twistedmatrix Twisted
Debian Debian Linux 9.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Oracle Zfs Storage Appliance Kit 8.8
446
VMScore
CVE-2022-21716
Twisted is an event-based framework for internet applications, supporting Python 3.6+. before 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the availabl...
Twistedmatrix Twisted
Debian Debian Linux 9.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Fedoraproject Fedora 35
Fedoraproject Fedora 36
446
VMScore
CVE-2022-21712
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functi...
Twistedmatrix Twisted
Debian Debian Linux 9.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
383
VMScore
CVE-2021-41281
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the aff...
Matrix Synapse
Fedoraproject Fedora 34
Fedoraproject Fedora 35
668
VMScore
CVE-2020-10108
In Twisted Web up to and including 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined reques...
Twistedmatrix Twisted
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Oracle Solaris 11
Oracle Solaris 10
Oracle Zfs Storage Appliance Kit 8.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »