Quarkus environmental issue vulnerability
Quarkus is a cloud-native Linux container-first framework for writing Java applications. An environmental issue vulnerability exists in Quarkus that stems from the inclusion of an HTTP cookie smuggling issue...
RHEL 9 : python-tornado (RHSA-2024:10843)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:10843 advisory. Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and...
Important: Red Hat Security Advisory: python-tornado security update
An update for python-tornado is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
python-tornado: Tornado has HTTP cookie parsing DoS vulnerability
A flaw was found in Tornado's HTTP cookie parsing algorithm. This vulnerability allows excessive CPU consumption via maliciously crafted cookie headers due to quadratic complexity, potentially blocking the processing of other requests and leading to the loss of availability of the system...
Important: Red Hat Security Advisory: python-tornado security update
An update for python-tornado is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 9 : python-tornado (RHSA-2024:10836)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:10836 advisory. Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and...
Important: Red Hat Security Advisory: python-tornado security update
An update for python-tornado is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 9 : python-tornado (RHSA-2024:10590)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:10590 advisory. Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and...
Important: python-tornado security update
Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and tools. Security Fixes: python-tornado: Tornado has HTTP cookie parsing DoS vulnerability CVE-2024-52804 For more details about the security issues,...
ALSA-2024:10590 Important: python-tornado security update
Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and tools. Security Fixes: python-tornado: Tornado has HTTP cookie parsing DoS vulnerability CVE-2024-52804 For more details about the security issues,...
CVE-2024-52804 Tornado has HTTP cookie parsing DoS vulnerability
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...
CBL Mariner 2.0 Security Update: reaper (CVE-2024-47764)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47764 advisory. - cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set...
CVE-2024-47764
CVE-2024-47764 affects a Node.js cookie parsing/serialization package. The vulnerability arises because the cookie name can be used to influence other cookie fields, potentially yielding an unexpected cookie value; a similar escape can affect path and domain to alter other fields. Public advisori...
CVE-2024-47764 cookie accepts cookie name, path, and domain with out of bounds characters
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
OPENSUSE-SU-2024:14073-1 ruby3.3-rubygem-http-cookie-1.0.6-1.1 on GA media
These are all security issues fixed in the ruby3.3-rubygem-http-cookie-1.0.6-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13158-1 ruby3.2-rubygem-http-cookie-1.0.5-1.4 on GA media
These are all security issues fixed in the ruby3.2-rubygem-http-cookie-1.0.5-1.4 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12248-1 ruby3.1-rubygem-http-cookie-1.0.5-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-http-cookie-1.0.5-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11333-1 ruby2.7-rubygem-http-cookie-1.0.4-1.2 on GA media
These are all security issues fixed in the ruby2.7-rubygem-http-cookie-1.0.4-1.2 package on the GA media of openSUSE Tumbleweed...
RHEL 5 : firefox (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Mozilla: Malicious Extension could obtain auth codes from OAuth login flows CVE-2020-6823 - Mozilla Firef...
CVE-2024-5294
The CVE-2024-5294 entry concerns the D-Link DIR-3040 router. The vulnerable component is prog.cgi (HNAP handler for the lighttpd server on ports 80/443). The root cause is improper memory management when processing HTTP cookie values, causing a memory leak that enables a denial-of-service conditi...