Lucene search
K

178 matches found

SUSE Linux
SUSE Linux
added 2026/02/25 9:47 a.m.7 views

Security update 5.1.2 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Backported security patches for Salt vendored tornado: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header paramete...

8.7CVSS5.5AI score0.00403EPSS
Exploits0References20
OSV
OSV
added 2026/02/25 9:47 a.m.4 views

SUSE-SU-2026:0631-1 Security update 5.1.2 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Backported security patches for Salt vendored tornado: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header...

7.5CVSS5.5AI score0.00403EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/02/10 6:26 p.m.4 views

tornado: Tornado Quadratic DoS via Crafted Multipart Parameters

A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...

7.5CVSS5.8AI score0.00378EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/02/10 5:54 p.m.3 views

tornado: Tornado Quadratic DoS via Crafted Multipart Parameters

A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...

7.5CVSS5.8AI score0.00378EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/02/01 12:0 a.m.7 views

Debian dla-4461 : python-tornado-doc - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4461 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4461-1 [email protected]...

7.5CVSS5.6AI score0.00403EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/01/30 12:25 a.m.4 views

SUSE CVE-2026-22263

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/28 3:1 a.m.6 views

CVE-2026-22263

A flaw was found in Suricata, a network Intrusion Detection System IDS, Intrusion Prevention System IPS, and Network Security Monitoring NSM engine. A remote attacker can exploit an inefficiency in HTTP/1 header parsing by sending multiple packets with specially crafted headers. This can lead to ...

5.3CVSS5.8AI score0.00401EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/27 6:27 p.m.6 views

EUVD-2026-4771

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : squid-3.5.20-17.el7.10 (AXSA:2024-7673:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7673:03 advisory. squid: denial of service in HTTP header parser CVE-2024-25617 squid: denial of service in HTTP request parsing CVE-2023-50269 squid: Buffer over-rea...

8.6CVSS5.8AI score0.88864EPSS
Exploits0References7
OSV
OSV
added 2026/01/19 11:45 a.m.2 views

SUSE-SU-2026:20360-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-14523: flaw in HTTP header handling can lead to host header parsing discrepancy between servers and proxies and allow for request smuggling, cache poisoning and bypass of access controls bsc1254876. - CVE-2025-12105: heap use-after-fr...

8.6CVSS5.8AI score0.00557EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 7 : php-5.4.16-48.0.6.el7.AXS7 (AXSA:2025-10014:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10014:03 advisory. CVE-2025-1217: fix handling of folded headers by the http stream parser CVE-2025-1734: fix validation of http headers with missing colon...

9.8CVSS6.4AI score0.00821EPSS
Exploits1References4
OSV
OSV
added 2026/01/09 2:5 p.m.7 views

OESA-2026-1018 python-tornado security update

Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a...

7.5CVSS6.7AI score0.00378EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.12 views

CVE-2023-29013

Traefik pronounced traffic is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This...

7.5CVSS6.5AI score0.01085EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/04 12:0 a.m.5 views

TencentOS Server 4: python-tornado (TSSA-2025:0977)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0977 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.5CVSS7AI score0.00403EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/12/25 12:27 a.m.7 views

SUSE CVE-2025-67726

Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values, such as thos...

7.5CVSS6.5AI score0.00378EPSS
Exploits0References43
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.8 views

PT-2025-51296

Name of the Vulnerable Software and Affected Versions Member Login Script version 3.3 Description The software contains a client-side desynchronization issue related to how HTTP requests are handled. Specifically, the vulnerability stems from the parsing of the Content-Length header. An attacker...

6.9CVSS6.6AI score0.00309EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.4 views

Tornado 安全漏洞

Tornado is a Python web framework and asynchronous networking library from the Chinese Tornado Technology Tornado community. The library scales to thousands of open connections through the use of non-blocking network I/O, making it well suited for long-time polling, WebSockets, and other...

7.5CVSS6.4AI score0.00378EPSS
Exploits0References4
CVE
CVE
added 2025/11/25 7:21 a.m.56 views

CVE-2025-62691

Affected software : Security Point (Windows) of MaLion and MaLionCloud. Vulnerability : stack-based buffer overflow while processing HTTP headers, enabling a remote unauthenticated attacker to execute arbitrary code with SYSTEM privileges. Impact : arbitrary code execution with SYSTEM rights on v...

9.8CVSS7.9AI score0.00593EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/25 7:21 a.m.2 views

CVE-2025-62691

Security Point Windows of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SYSTEM privilege...

9.8CVSS7.9AI score0.00593EPSS
Exploits0References2
NVD
NVD
added 2025/10/17 3:15 p.m.28 views

CVE-2025-55085

In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior...

8.8CVSS0.00554EPSS
Exploits1References1
Rows per page
Query Builder