
20 matches found

OSV
added 2025/11/12 9:29 p.m. · 4 views

MGASA-2025-0282 Updated python-tornado packages fix security vulnerability

Tornado vulnerable to excessive logging caused by malformed multipart form data. CVE-2025-47287...

CVSS 7.5 · AI score 6.9 · EPSS 0.01164
Exploits: 0 · References: 3
IBM Security Bulletins
added 2025/09/17 5:23 p.m. · 3 views

Security Bulletin: IBM Watsonx BI is affected by a vulnerability in Multer node.js middleware for handling multipart/form-data

Summary: Watsonx BI is affected by a vulnerability in Multer node.js middleware for handling multipart/form-data. The vulnerability, present starting in version 1.4.4-lts.1 and prior to version 2.0.2, allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. Vulnerability...

CVSS 7.5 · AI score 6.9 · EPSS 0.00041
Exploits: 0 · Affected Software: 1
SUSE CVE
added 2025/07/18 11:24 p.m. · 3 views

SUSE CVE-2025-7338

Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled...

CVSS 7.5 · AI score 6.5 · EPSS 0.00041
Exploits: 0 · References: 3
CNNVD
added 2025/07/17 12:00 a.m. · 2 views

Multer Security Vulnerability

Multer is an open source Express.js middleware for Node.js. A security vulnerability exists in Multer versions from 1.4.4-lts.1 up to, but not including, 2.0.2. It stems from an unhandled exception in the handling of malformed multipart upload requests, which could lead to a denial of service...

CVSS 7.5 · AI score 6 · EPSS 0.00041
Exploits: 0 · References: 3
OSV
added 2025/06/10 8:14 p.m. · 0 views

GHSA-9WJ4-8H85-PGRW OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint

Impact: OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. This could be used to effectively run ...

CVSS 6.5 · AI score 5.7 · EPSS 0.00045
Exploits: 0 · References: 4
OSV
added 2025/05/28 1:46 p.m. · 4 views

SUSE-SU-2025:01726-1 Security update for python-tornado

This update for python-tornado fixes the following issues: - CVE-2025-47287: excessive logging when parsing malformed multipart/form-data can lead to a denial-of-service (bsc1243268)...

CVSS 7.5 · AI score 6.9 · EPSS 0.01164
Exploits: 0 · References: 3
SUSE Linux
added 2025/05/23 11:58 a.m. · 3 views

Security update for python-tornado6

This update for python-tornado6 fixes the following issues: CVE-2025-47287: excessive logging when parsing malformed multipart/form-data can lead to a denial-of-service (bsc1243268). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...

CVSS 8.7 · AI score 7.3 · EPSS 0.01164
Exploits: 0 · References: 4
OSV
added 2025/05/23 11:58 a.m. · 2 views

SUSE-SU-2025:01649-2 Security update for python-tornado6

This update for python-tornado6 fixes the following issues: - CVE-2025-47287: excessive logging when parsing malformed multipart/form-data can lead to a denial-of-service (bsc1243268)...

CVSS 7.5 · AI score 6.9 · EPSS 0.01164
Exploits: 0 · References: 3
RedhatCVE
added 2025/03/22 12:02 p.m. · 5 views

CVE-2024-10713

A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Service (DoS) attack. The server fails to handle excessive characters appended to the end of multipart boundaries, regardless of the character used. This flaw can be exploited by sending malformed multipart requests with arbitrary...

CVSS 7.5 · AI score 7 · EPSS 0.00233
Exploits: 0 · References: 1
OSV
added 2025/03/20 12:32 p.m. · 5 views

GHSA-6GMF-2369-C76C ZenML unauthenticated DoS via Multipart Boundry

A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundar...

CVSS 7.5 · AI score 7.3 · EPSS 0.00218
Exploits: 1 · References: 5
Github Security Blog
added 2025/03/20 12:32 p.m. · 19 views

ZenML unauthenticated DoS via Multipart Boundry

A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundar...

CVSS 7.5 · AI score 7.1 · EPSS 0.00218
Exploits: 1 · References: 5 · Affected Software: 1
PyPA
added 2025/03/20 10:15 a.m. · 8 views

PYSEC-2025-57

A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundar...

CVSS 7.5 · AI score 7 · EPSS 0.00218
Exploits: 1 · References: 3 · Affected Software: 1
CVE
added 2025/03/20 10:08 a.m. · 45 views

CVE-2024-10713

The CVE-2024-10713 entry concerns szad670401/hyperlpr v3.0 and describes a Denial of Service (DoS) caused by the server failing to handle excessive characters at the end of multipart boundaries. Connected documents confirm the vulnerability is triggered by malformed multipart requests with arbitr...

CVSS 7.5 · AI score 7.5 · EPSS 0.00233
Exploits: 0 · References: 1
CNNVD
added 2025/03/20 12:00 a.m. · 2 views

HyperLPR Resource Management Error Vulnerability

HyperLPR is a high-performance Chinese license plate recognition framework developed by Jack Yu. A resource management error vulnerability exists in HyperLPR v3.0, which stems from the server's inability to handle excessive characters at the end of multi-part boundaries, and an attacker can cause...

CVSS 7.5 · AI score 7.3 · EPSS 0.00233
Exploits: 0 · References: 1
CNNVD
added 2025/03/20 12:00 a.m. · 1 views

Danswer Resource Management Error Vulnerability

Danswer is an open source artificial intelligence assistant from Danswer AI that connects to company documents, applications and people. A resource management error vulnerability exists in Danswer version v0.3.94, which stems from the fact that uploading a file with malformed multi-part boundaries may...

CVSS 7.5 · AI score 7.7 · EPSS 0.00308
Exploits: 0 · References: 1
CNNVD
added 2025/03/20 12:00 a.m. · 3 views

FastChat Resource Management Error Vulnerability

FastChat is an open platform from LMSYS for training, deploying, and evaluating chatbots based on large language models. A resource management error vulnerability exists in FastChat version v0.2.36, which stems from the server's inability to handle excessive characters at the end of multipart...

CVSS 7.5 · AI score 7.3 · EPSS 0.00443
Exploits: 1 · References: 1
SUSE CVE
added 2023/02/15 6:16 a.m. · 2 views

SUSE CVE-2006-1173

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and migh...

CVSS 5 · AI score 6.8 · EPSS 0.21456
Exploits: 0 · References: 4
OSV
added 2021/05/07 12:15 p.m. · 1 views

CVE-2020-14009

Proofpoint Enterprise Protection PPS/PoD before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipa...

CVSS 6.3 · AI score 6.6 · EPSS 0.00089
Exploits: 0 · References: 2
Positive Technologies
added 2020/07/06 12:00 a.m. · 2 views

PT-2022-2183 · Pjsip +3

Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.11.1 and prior. Description: The issue is related to a potential out-of-bound read access when parsing an incoming SIP message that contains a malformed multipart. This affects all PJSIP users that accept SIP multipart. The...

CVSS 9.8 · AI score 7.8 · EPSS 0.41746
Exploits: 2 · References: 121
Japan Vulnerability Notes
added 2014/02/10 8:21 a.m. · 3 views

Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Overview: Apache Commons FileUpload contains a denial-of-service (DoS) vulnerability. Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. As of 2014 February 12, an exploit tool ...

CVSS 7.5 · AI score 8.8 · EPSS 0.9265
Exploits: 8 · References: 58