Lucene search
K

128 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.12 views

AlmaLinux 9 : python-tornado (ALSA-2026:13670)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:13670 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper handlin...

8.7CVSS5.8AI score0.00375EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.7 views

RockyLinux 10 : python-tornado (RLSA-2026:13641)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13641 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper...

8.7CVSS5.8AI score0.00375EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/05 10:29 a.m.14 views

Moderate: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/05 9:22 a.m.11 views

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

7.2CVSS5.6AI score0.00237EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/05 9:22 a.m.10 views

Moderate: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.7CVSS7.2AI score0.00375EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2026/05/05 12:0 a.m.11 views

Moderate: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.7CVSS5.8AI score0.00375EPSS
Exploits0References6
OSV
OSV
added 2026/05/05 12:0 a.m.9 views

ALSA-2026:13670 Moderate: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.7 views

RHEL 9 : python-tornado (RHSA-2026:13670)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:13670 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References7
OSV
OSV
added 2026/05/05 12:0 a.m.5 views

ALSA-2026:13641 Moderate: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.11 views

Amazon Linux 2023 : python3-tornado (ALAS2023-2026-1587)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1587 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters. CVE-2026-35536...

7.2CVSS5.8AI score0.00237EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/04/28 7:27 p.m.10 views

USN-8198-2: Tornado vulnerabilities

USN-8198-1 fixed vulnerabilities in Tornado. This update provides the corresponding updates for Ubuntu 26.04 LTS. Original advisory details: It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of...

8.7CVSS8.7AI score0.00375EPSS
Exploits0
OSV
OSV
added 2026/04/22 5:52 p.m.5 views

USN-8198-1 python-tornado vulnerabilities

It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of service. CVE-2026-31958 It was discovered that Tornado did not properly validate characters in cookie values. An attacker could possibly use...

8.7CVSS5.5AI score0.00375EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/04/22 5:52 p.m.12 views

USN-8198-1: Tornado vulnerabilities

It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of service. CVE-2026-31958 It was discovered that Tornado did not properly validate characters in cookie values. An attacker could possibly use...

8.7CVSS5.8AI score0.00375EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.5 views

SUSE CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS5.8AI score0.00237EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/03 6:31 a.m.5 views

EUVD-2026-18574

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS5.9AI score0.00237EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/03 6:31 a.m.7 views

Tornado has cookie attribute injection via .RequestHandler.set_cookie

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS5.9AI score0.00237EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2026/04/03 4:16 a.m.3 views

CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS5.9AI score0.00237EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/04/03 2:25 a.m.3 views

CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS5.2AI score0.00237EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/03 2:25 a.m.8 views

CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS5.9AI score0.00237EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/03 2:25 a.m.20 views

CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS0.00237EPSS
Exploits0References2
Rows per page
Query Builder