RHEL 10 : python-tornado (RHSA-2026:19034)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19034 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Moderate: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Denial Of Service (DoS)

starlite is vulnerable to Denial of Service DoS attacks. A malicious user is able to consume a large amount of CPU time and RAM because the multipart body parser accepts an unlimited number of file parts and field parts, which can cause the application to crash...

GHSA-P24M-863F-FM6Q Denial of service vulnerability when parsing multipart request body

Summary The request body parsing in starlite allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. Details The multipart body parser processes an unlimited number of file parts. The multipart body parser processes an unlimited number of field parts. Impact...

Denial of service due to unlimited number of parts

Impact The multipart body parser accepts an unlimited number of file parts. The multipart body parser accepts an unlimited number of field parts. The multipart body parser accepts an unlimited number of empty parts as field parts. Patches This is fixed in v7.4.1 for Fastify v4.x and v6.0.1 for...

GHSA-HPP2-2CR5-PF6G Denial of service due to unlimited number of parts

Impact The multipart body parser accepts an unlimited number of file parts. The multipart body parser accepts an unlimited number of field parts. The multipart body parser accepts an unlimited number of empty parts as field parts. Patches This is fixed in v7.4.1 for Fastify v4.x and v6.0.1 for...

Updated libapreq2 packages fix security vulnerability

Updated libapreq2 packages fix security vulnerability: Max Kellermann reported a NULL pointer dereference flaw in libapreq2, allowing a remote attacker to cause a denial of service against an application using the library application crash if an invalid nested "multipart" body is processed...

CVE-2017-16026

Request is an http client. If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body. This affects Request =2.2.6 2.51.0 =2.67.0...

Resource Management Errors

Overview Affected versions of this package are vulnerable to Resource Management Errors. The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an HTTP request with a multipart MIME body that contains an invalid boundary...