232 matches found
MiracleLinux 7 : firefox-60.3.0-1.0.1.el7.AXS7 (AXSA:2018-3376:08)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3376:08 advisory. Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390 Mozilla: Crash with nested event loops CVE-2018-12392 Mozilla:...
OESA-2026-1018 python-tornado security update
Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a...
TencentOS Server 4: python-tornado (TSSA-2025:0977)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0977 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
PT-2026-20345
Name of the Vulnerable Software and Affected Versions fast-xml-parser versions prior to 5.3.6 Description The XML parser is susceptible to an unlimited amount of entity expansion. A small XML input can cause the parser to spend significant time processing a single request, leading to application...
SUSE CVE-2025-67725
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...
AZL-72368 CVE-2025-67725 affecting package python-tornado 6.2.0-1
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...
UBUNTU-CVE-2025-67725
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...
CVE-2025-67726
Tornado (Python) vulnerability CVE-2025-67726 affects versions 6.5.2 and earlier, due to an inefficient _parseparam-based parsing of HTTP header parameters (e.g., Content-Disposition). The implementation repeatedly calls string.count() inside a nested loop while handling quoted semicolons, causin...
CVE-2025-67725
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...
Fedora 42 : libwebsockets (2025-0c12fa2541)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-0c12fa2541 advisory. Update to 4.3.7, enable glib event loop Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
EUVD-2025-200372
Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually...
CVE-2025-55181
Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually...
EUVD-2020-3474
Malware in sbrugna...
EUVD-2018-0395
Malware in sbrugna...
EUVD-2018-0589
Malware in sbrugna...
EUVD-2018-0292
Malware in sbrugna...
EUVD-2025-4098
Malicious code in bioql PyPI...
EUVD-2024-2764
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-16119
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is...
MAL-2025-29607 Malicious code in precon-event-loop-helper (npm)
The package precon-event-loop-helper was found to contain malicious code...