1055 matches found
ROOT-APP-PYPI-CVE-2026-31958 CVE-2026-31958 in rootio-tornado - Patched by Root
Root has patched CVE-2026-31958 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-GHSA-QPPV-J76H-2RPX GHSA-qppv-j76h-2rpx in rootio-tornado - Patched by Root
Root has patched GHSA-qppv-j76h-2rpx in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-GHSA-753J-MPMX-QQ6G GHSA-753j-mpmx-qq6g in rootio-tornado - Patched by Root
Root has patched GHSA-753j-mpmx-qq6g in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-52804 CVE-2024-52804 in rootio-tornado - Patched by Root
Root has patched CVE-2024-52804 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-49853 CVE-2026-49853 in rootio-tornado - Patched by Root
Root has patched CVE-2026-49853 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-28370 CVE-2023-28370 in rootio-tornado - Patched by Root
Root has patched CVE-2023-28370 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-49855 CVE-2026-49855 in rootio-tornado - Patched by Root
Root has patched CVE-2026-49855 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-GHSA-78CV-MQJ4-43F7 GHSA-78cv-mqj4-43f7 in rootio-tornado - Patched by Root
Root has patched GHSA-78cv-mqj4-43f7 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-47287 CVE-2025-47287 in rootio-tornado - Patched by Root
Root has patched CVE-2025-47287 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-35536 CVE-2026-35536 in rootio-tornado - Patched by Root
Root has patched CVE-2026-35536 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-GHSA-W235-7P84-XX57 GHSA-w235-7p84-xx57 in rootio-tornado - Patched by Root
Root has patched GHSA-w235-7p84-xx57 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
CVE-2026-49855
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, Tornado gzip decompression routines processed limited-size chunks but did not enforce an overall limit on accumulated decompressed chunks, allowing a malicious server accessed by SimpleAsyncHTTPClient or an...
CVE-2026-49853
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, SimpleAsyncHTTPClient shallow-copied redirected requests and removed only the Host header, leaving Authorization, authusername, authpassword, and authmode in place when a redirect changed scheme, host, or port...
CVE-2026-49854
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...
CVE-2026-49855
Tornado (Python) prior to 6.5.6 allows a malicious server accessed via SimpleAsyncHTTPClient or an HTTPServer with decompress_request=True to accumulate decompressed data without an overall size limit, potentially causing memory exhaustion. Affected is gzip decompression routines that previously ...
CVE-2026-49854
Summary: Tornado’s optional native extension tornado.speedups mishandles the websocket_mask length, reading beyond a four-byte buffer when invoked through the XSRF token decoder with the extension active. This out-of-bounds access affects Tornado up to version 6.5.5 and is fixed in 6.5.6. Impact:...
CVE-2026-49854 Tornado: Out-of-bounds memory access in C extension
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...
[SECURITY] Fedora 44 Update: python-tornado-6.5.7-1.fc44
Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...
[SECURITY] Fedora 43 Update: python-tornado-6.5.7-1.fc43
Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...
Important Photon OS Security Update - PHSA-2026-4.0-1053
Updates of 'python3-tornado', 'python3-ujson' packages of Photon OS have been released...