106 matches found

OSV
added 2024/12/02 12:00 a.m., 15 views

ALSA-2024:10590 Important: python-tornado security update

Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and tools. Security Fixes: python-tornado: Tornado has HTTP cookie parsing DoS vulnerability CVE-2024-52804 For more details about the security issues,...

CVSS 7.5 | AI score 7.5 | EPSS 0.0016
Exploits 0 | References 4
CVE
added 2024/11/22 3:43 p.m., 403 views

CVE-2024-52804

The CVE-2024-52804 issue affects Tornado prior to 6.4.2, where the HTTP cookie parsing algorithm can exhibit quadratic complexity, causing high CPU usage in the event loop and potential DoS. The documented fix is upgrading to Tornado 6.4.2. Connected advisories also reference mitigation in packag...

CVSS 7.5 | AI score 7.3 | EPSS 0.0016
Exploits 0 | References 4 | Affected Software 1
Vulnrichment
added 2024/11/22 3:43 p.m., 15 views

CVE-2024-52804 Tornado has HTTP cookie parsing DoS vulnerability

Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...

CVSS 7.5 | AI score 7.5 | EPSS 0.0016
Exploits 0 | References 3
Redos
added 2024/10/22 12:00 a.m., 12 views

ROS-20241021-06

A vulnerability in the ASGI Starlette toolkit for creating asynchronous Python web services is related to the ability of a remote unauthenticated user to view files in a web service. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensiti...

CVSS 7.5 | AI score 6.9 | EPSS 0.01355
Exploits 1
GithubExploit
added 2024/08/27 1:19 a.m., 605 views

Exploit for Improper Input Validation in Cacti

CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26 Fully auto...

CVSS 9.1 | AI score 9.6 | EPSS 0.8819
Exploits 17
OpenVAS
added 2024/08/06 12:00 a.m., 24 views

Fedora: Security Advisory (FEDORA-2024-d05d37ead7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 6.6 | EPSS 0.06838
Exploits 1 | References 2
OpenVAS
added 2024/08/06 12:00 a.m., 19 views

Fedora: Security Advisory (FEDORA-2024-7dac82a14e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 6.6 | EPSS 0.06838
Exploits 1 | References 2
CNNVD
added 2024/07/29 12:00 a.m., 1 view

Twisted security vulnerability

Twisted is an open source event-driven web engine written in the Python language by Twisted Matrix Labs. A security vulnerability exists in Twisted version 24.3.0 and earlier, which stems from the fact that the HTTP 1.0 and 1.1 servers provided by twisted.web process pipelined HTTP...

CVSS 8.3 | AI score 8.1 | EPSS 0.00108
Exploits 0 | References 5
Fedora
added 2024/07/19 1:46 a.m., 27 views

[SECURITY] Fedora 40 Update: python-django-4.2.14-2.fc40

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

CVSS 9.8 | AI score 7.3 | EPSS 0.06838
Exploits 1
GithubExploit
added 2024/01/19 12:15 a.m., 819 views

Exploit for SQL Injection in Djangoproject Django

CVE-2022-28346 A flaw was found in the Django package, which l...

CVSS 9.8 | AI score 7.4 | EPSS 0.01971
Exploits 3
Fedora
added 2023/10/15 1:44 a.m., 43 views

[SECURITY] Fedora 38 Update: python-django-4.1.12-1.fc38

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

CVSS 7.5 | AI score 7.5 | EPSS 0.09595
Exploits 0
Ubuntu
added 2023/10/04 10:01 p.m., 79 views

USN-6414-2: Django vulnerabilities

USN-6414-1 and USN-6378-1 fixed CVE-2023-43665 and CVE-2023-41164 in Django, respectively. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A remote...

CVSS 7.5 | AI score 6.8 | EPSS 0.0279
Exploits 0
OSV
added 2023/08/25 8:46 p.m., 25 views

CVE-2023-40587 Pyramid static view path traversal up one directory

Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an index.html file that is located exactly one directory above the location of t...

CVSS 4.3 | AI score 5.1 | EPSS 0.00435
Exploits 0 | References 8
GithubExploit
added 2023/06/13 9:27 a.m., 4 views

XSS_vuln_issue

It is an offensive tool for web application security testing. Th...

AI score 5.8
Exploits 0
OpenVAS
added 2023/05/12 12:00 a.m., 19 views

Fedora: Security Advisory for python-django3 (FEDORA-2023-0d20d09f2d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.0016
Exploits 0 | References 2
Fedora
added 2023/05/11 2:06 a.m., 33 views

[SECURITY] Fedora 38 Update: python-django3-3.2.19-1.fc38

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

CVSS 9.8 | AI score 6.4 | EPSS 0.0016
Exploits 0
Fedora
added 2023/04/28 2:37 a.m., 50 views

[SECURITY] Fedora 38 Update: python-django-4.0.10-1.fc38

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

CVSS 9.8 | AI score 8.9 | EPSS 0.92834
Exploits 6
SUSE CVE
added 2023/02/15 5:27 a.m., 3 views

SUSE CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

CVSS 5.3 | AI score 8.8 | EPSS 0.07232
Exploits 5 | References 40
SUSE CVE
added 2023/02/15 3:48 a.m., 2 views

SUSE CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...

CVSS 6.5 | AI score 8.9 | EPSS 0.00119
Exploits 1 | References 43
ATTACKERKB
added 2022/07/11 1:15 a.m., 1 view

CVE-2022-31570

The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVSS 9.8 | AI score 5.3 | EPSS 0.00587
Exploits 0 | References 2