3458 matches found

Tenable Nessus
added 2025/06/25 12:0 a.m., 5 views

CBL Mariner 2.0 Security Update: mysql (CVE-2025-30689)

The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30689 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions th...

CVSS 4.9, AI score 5.4, EPSS 0.00716
Exploits 0, References 2

Tenable Nessus
added 2025/06/25 12:0 a.m., 7 views

Azure Linux 3.0 Security Update: mysql (CVE-2025-30688)

The version of mysql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30688 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions th...

CVSS 6.5, AI score 6.1, EPSS 0.00651
Exploits 0, References 2

CVE
added 2025/06/24 8:5 a.m., 29 views

CVE-2025-3090

CVE-2025-3090 affects MB Connect Line mbCONNECT24, mymbCONNECT24 (and related Helmholz/MB products) with a common root cause: missing authentication for a critical function. This enables an unauthenticated remote attacker to access limited sensitive information and/or trigger denial of service ov...

CVSS 8.2, AI score 7.2, EPSS 0.00411
Exploits 0, References 2

GitHub Security Blog
added 2025/06/16 3:32 p.m., 15 views

Apache Tomcat - DoS in multipart upload

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be...

CVSS 7.5, AI score 7.4, EPSS 0.53228
Exploits 1, References 11, Affected Software 2

Amazon
added 2025/06/12 12:0 a.m., 4 views

Medium: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume ...

CVSS 7.5, AI score 7.2, EPSS 0.00636
Exploits 0

Amazon
added 2025/06/12 12:0 a.m., 3 views

Medium: python-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume ...

CVSS 7.5, AI score 6.9, EPSS 0.00636
Exploits 0

Tenable Nessus
added 2025/06/12 12:0 a.m., 4 views

Amazon Linux 2 : libtasn1 (ALAS-2025-2886)

The version of libtasn1 installed on the remote host is prior to 4.10-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2886 advisory. When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific elemen...

CVSS 5.3, AI score 6.7, EPSS 0.01025
Exploits 0, References 4

Tenable Nessus
added 2025/06/12 12:0 a.m., 7 views

Amazon Linux 2023 : python3-tornado (ALAS2023-2025-1002)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1002 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainde...

CVSS 7.5, AI score 6.9, EPSS 0.00636
Exploits 0, References 4

OSV
added 2025/06/10 3:58 p.m., 3 views

CLSA-2025-1749571114 pam: Fix of 2 CVEs

CVE-2024-10041: fix possibility of leakage of secret information stored in memory - CVE-2024-22365: fix potential DoS via mkfifo because the openat call lacks O_DIRECTORY...

CVSS 5.5, AI score 6.6, EPSS 0.00455
Exploits 1, References 1

OSV
added 2025/06/10 11:48 a.m., 3 views

BIT-MARIADB-MIN-2021-2372

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.4, AI score 4.7, EPSS 0.02956
Exploits 0, References 7

Amazon
added 2025/06/10 12:0 a.m., 6 views

Medium: python-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume ...

CVSS 7.5, AI score 7.3, EPSS 0.00636
Exploits 0

OSV
added 2025/06/07 8:15 a.m., 10 views

CVE-2025-5399

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...

CVSS 7.5, AI score 7, EPSS 0.01226
Exploits 1, References 4

Cvelist
added 2025/06/07 7:49 a.m., 20 views

CVE-2025-5399 WebSocket endless loop

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...

EPSS 0.01226
Exploits 1, References 3

OSV
added 2025/06/06 2:4 p.m., 6 views

OESA-2025-1614 python-tornado security update

Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the...

CVSS 7.5, AI score 6.8, EPSS 0.00636
Exploits 0, References 2

SUSE Linux
added 2025/06/06 10:5 a.m., 1 views

Security update for gnutls

This update for gnutls fixes the following issues: CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 5.3, AI score 7.3, EPSS 0.01193
Exploits 0, References 4

Amazon
added 2025/06/02 12:0 a.m., 4 views

Medium: libtasn1

Issue Overview: When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer...

CVSS 5.3, AI score 6.9, EPSS 0.01025
Exploits 0

Tenable Nessus
added 2025/06/02 12:0 a.m., 9 views

Amazon Linux 2023 : libtasn1, libtasn1-devel, libtasn1-tools (ALAS2023-2025-989)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-989 advisory. When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a...

CVSS 5.3, AI score 6.6, EPSS 0.01025
Exploits 0, References 4

IBM Security Bulletins
added 2025/06/01 11:30 p.m., 44 views

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary: Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2023-28155. DESCRIPTION: Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol...

CVSS 9.8, AI score 8.4, EPSS 0.93305
Exploits 7, Affected Software 1

Tenable Nessus
added 2025/05/29 12:0 a.m., 7 views

Debian dla-4188 : python-tornado-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4188 advisory. Debian LTS Advisory DLA-4188-1 https://www.debian.org/lts/security/...

CVSS 7.5, AI score 6.9, EPSS 0.00636
Exploits 0, References 4

Tenable Nessus
added 2025/05/27 12:0 a.m., 2 views

RHEL 8 / 9 : Satellite 6.16.5.1 Async Update (Important) (RHSA-2025:7605)

The remote Red Hat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:7605 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

CVSS 7.5, AI score 7.3, EPSS 0.00868
Exploits 0, References 8