Lucene search
K

1053 matches found

NVD
NVD
added yesterday4 views

CVE-2026-49854

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...

5.3CVSS0.00027EPSS
Exploits0References4
CVE
CVE
added yesterday22 views

CVE-2026-49855

Tornado (Python) prior to 6.5.6 allows a malicious server accessed via SimpleAsyncHTTPClient or an HTTPServer with decompress_request=True to accumulate decompressed data without an overall size limit, potentially causing memory exhaustion. Affected is gzip decompression routines that previously ...

7.5CVSS6.1AI score0.00052EPSS
Exploits0References3
CVE
CVE
added yesterday76 views

CVE-2026-49854

Summary: Tornado’s optional native extension tornado.speedups mishandles the websocket_mask length, reading beyond a four-byte buffer when invoked through the XSRF token decoder with the extension active. This out-of-bounds access affects Tornado up to version 6.5.5 and is fixed in 6.5.6. Impact:...

5.3CVSS6.1AI score0.00027EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday27 views

CVE-2026-49854 Tornado: Out-of-bounds memory access in C extension

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...

5.3CVSS0.00027EPSS
Exploits0References4
Fedora
Fedora
added 3 days ago8 views

[SECURITY] Fedora 44 Update: python-tornado-6.5.7-1.fc44

Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...

8.7CVSS6.7AI score0.00375EPSS
Exploits0
Fedora
Fedora
added 3 days ago5 views

[SECURITY] Fedora 43 Update: python-tornado-6.5.7-1.fc43

Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...

8.7CVSS6.7AI score0.00375EPSS
Exploits0
OSV
OSV
added 2026/07/08 1:58 p.m.6 views

ROOT-APP-PYPI-CVE-2025-47287 CVE-2025-47287 in rootio-tornado - Patched by Root

Root has patched CVE-2025-47287 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

7.5CVSS7AI score0.00667EPSS
Exploits0
OSV
OSV
added 2026/07/08 1:58 p.m.5 views

ROOT-APP-PYPI-GHSA-78CV-MQJ4-43F7 GHSA-78cv-mqj4-43f7 in rootio-tornado - Patched by Root

Root has patched GHSA-78cv-mqj4-43f7 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

5.4CVSS5.9AI score
Exploits0
OSV
OSV
added 2026/07/08 1:58 p.m.5 views

ROOT-APP-PYPI-CVE-2023-28370 CVE-2023-28370 in rootio-tornado - Patched by Root

Root has patched CVE-2023-28370 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

6.1CVSS6.6AI score0.01132EPSS
Exploits0
OSV
OSV
added 2026/07/08 1:58 p.m.6 views

ROOT-APP-PYPI-CVE-2024-52804 CVE-2024-52804 in rootio-tornado - Patched by Root

Root has patched CVE-2024-52804 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.01051EPSS
Exploits0
OSV
OSV
added 2026/07/08 1:58 p.m.5 views

ROOT-APP-PYPI-GHSA-753J-MPMX-QQ6G GHSA-753j-mpmx-qq6g in rootio-tornado - Patched by Root

Root has patched GHSA-753j-mpmx-qq6g in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.9AI score
Exploits0
OSV
OSV
added 2026/07/08 1:58 p.m.4 views

ROOT-APP-PYPI-GHSA-QPPV-J76H-2RPX GHSA-qppv-j76h-2rpx in rootio-tornado - Patched by Root

Root has patched GHSA-qppv-j76h-2rpx in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

5.9AI score
Exploits0
OSV
OSV
added 2026/07/08 1:58 p.m.4 views

ROOT-APP-PYPI-GHSA-W235-7P84-XX57 GHSA-w235-7p84-xx57 in rootio-tornado - Patched by Root

Root has patched GHSA-w235-7p84-xx57 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

6.5CVSS5.9AI score
Exploits0
OSV
OSV
added 2026/07/08 1:58 p.m.6 views

ROOT-APP-PYPI-CVE-2026-35536 CVE-2026-35536 in rootio-tornado - Patched by Root

Root has patched CVE-2026-35536 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

7.2CVSS5.9AI score0.00237EPSS
Exploits0
OSV
OSV
added 2026/07/08 1:58 p.m.5 views

ROOT-APP-PYPI-CVE-2026-31958 CVE-2026-31958 in rootio-tornado - Patched by Root

Root has patched CVE-2026-31958 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.9AI score0.00375EPSS
Exploits0
OSV
OSV
added 2026/07/08 1:58 p.m.9 views

ROOT-APP-PYPI-CVE-2026-49853 CVE-2026-49853 in rootio-tornado - Patched by Root

Root has patched CVE-2026-49853 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

7.7CVSS5.3AI score0.00034EPSS
Exploits0
OSV
OSV
added 2026/07/08 1:58 p.m.9 views

ROOT-APP-PYPI-CVE-2026-49855 CVE-2026-49855 in rootio-tornado - Patched by Root

Root has patched CVE-2026-49855 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.3AI score0.00052EPSS
Exploits0
Photon
Photon
added 2026/07/08 12:0 a.m.5 views

Important Photon OS Security Update - PHSA-2026-4.0-1053

Updates of 'python3-tornado', 'python3-ujson' packages of Photon OS have been released...

8.7CVSS6.1AI score0.00421EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

SUSE SLED15 / SLES15 Security Update : python-tornado6 (SUSE-SU-2026:2725-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2725-1 advisory. This update for python-tornado6 fixes the following issues - CVE-2026-49853: authorization header forwarded...

7.7CVSS6.2AI score0.00052EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

SUSE SLED15 / SLES15 Security Update : python-tornado (SUSE-SU-2026:2726-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2726-1 advisory. This update for python-tornado fixes the following issues - CVE-2026-49853: authorization header forwarded...

7.7CVSS6.2AI score0.00052EPSS
Exploits0References10
Rows per page
Query Builder