1053 matches found
CVE-2026-49854
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...
CVE-2026-49855
Tornado (Python) prior to 6.5.6 allows a malicious server accessed via SimpleAsyncHTTPClient or an HTTPServer with decompress_request=True to accumulate decompressed data without an overall size limit, potentially causing memory exhaustion. Affected is gzip decompression routines that previously ...
CVE-2026-49854
Summary: Tornado’s optional native extension tornado.speedups mishandles the websocket_mask length, reading beyond a four-byte buffer when invoked through the XSRF token decoder with the extension active. This out-of-bounds access affects Tornado up to version 6.5.5 and is fixed in 6.5.6. Impact:...
CVE-2026-49854 Tornado: Out-of-bounds memory access in C extension
Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...
[SECURITY] Fedora 44 Update: python-tornado-6.5.7-1.fc44
Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...
[SECURITY] Fedora 43 Update: python-tornado-6.5.7-1.fc43
Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...
ROOT-APP-PYPI-CVE-2025-47287 CVE-2025-47287 in rootio-tornado - Patched by Root
Root has patched CVE-2025-47287 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-GHSA-78CV-MQJ4-43F7 GHSA-78cv-mqj4-43f7 in rootio-tornado - Patched by Root
Root has patched GHSA-78cv-mqj4-43f7 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-28370 CVE-2023-28370 in rootio-tornado - Patched by Root
Root has patched CVE-2023-28370 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-52804 CVE-2024-52804 in rootio-tornado - Patched by Root
Root has patched CVE-2024-52804 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-GHSA-753J-MPMX-QQ6G GHSA-753j-mpmx-qq6g in rootio-tornado - Patched by Root
Root has patched GHSA-753j-mpmx-qq6g in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-GHSA-QPPV-J76H-2RPX GHSA-qppv-j76h-2rpx in rootio-tornado - Patched by Root
Root has patched GHSA-qppv-j76h-2rpx in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-GHSA-W235-7P84-XX57 GHSA-w235-7p84-xx57 in rootio-tornado - Patched by Root
Root has patched GHSA-w235-7p84-xx57 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-35536 CVE-2026-35536 in rootio-tornado - Patched by Root
Root has patched CVE-2026-35536 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-31958 CVE-2026-31958 in rootio-tornado - Patched by Root
Root has patched CVE-2026-31958 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-49853 CVE-2026-49853 in rootio-tornado - Patched by Root
Root has patched CVE-2026-49853 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-49855 CVE-2026-49855 in rootio-tornado - Patched by Root
Root has patched CVE-2026-49855 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...
Important Photon OS Security Update - PHSA-2026-4.0-1053
Updates of 'python3-tornado', 'python3-ujson' packages of Photon OS have been released...
SUSE SLED15 / SLES15 Security Update : python-tornado6 (SUSE-SU-2026:2725-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2725-1 advisory. This update for python-tornado6 fixes the following issues - CVE-2026-49853: authorization header forwarded...
SUSE SLED15 / SLES15 Security Update : python-tornado (SUSE-SU-2026:2726-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2726-1 advisory. This update for python-tornado fixes the following issues - CVE-2026-49853: authorization header forwarded...