1561 matches found
Important: python-tornado
Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can ...
EUVD-2025-206124
To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...
CVE-2023-54256
Removed by vendor...
EUVD-2025-203696
In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpfprogrundatapointers syzbot found that clsbpfclassify is able to change tcskbcbskb-dropreason triggering a warning in skskbreasondrop. WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 skskbreasondrop...
CVE-2025-68200
In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpfprogrundatapointers syzbot found that clsbpfclassify is able to change tcskbcbskb-dropreason triggering a warning in skskbreasondrop. WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 skskbreasondrop...
CVE-2025-68200
In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpfprogrundatapointers syzbot found that clsbpfclassify is able to change tcskbcbskb-dropreason triggering a warning in skskbreasondrop. WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 skskbreasondrop...
UBUNTU-CVE-2025-68200
In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpfprogrundatapointers syzbot found that clsbpfclassify is able to change tcskbcbskb-dropreason triggering a warning in skskbreasondrop. WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 skskbreasondrop...
CVE-2025-68200 bpf: Add bpf_prog_run_data_pointers()
In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpfprogrundatapointers syzbot found that clsbpfclassify is able to change tcskbcbskb-dropreason triggering a warning in skskbreasondrop. WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 skskbreasondrop...
CVE-2025-68200
CVE-2025-68200 is a Linux kernel vulnerability addressed by introducing bpf_prog_run_data_pointers() to save/restore net_sched storage that collides with BPF data_meta/data_end. The issue stemmed from cls_bpf_classify() potentially modifying tc_skb_cb(skb)->drop_reason, triggering a warning in...
CVE-2025-68200 bpf: Add bpf_prog_run_data_pointers()
In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpfprogrundatapointers syzbot found that clsbpfclassify is able to change tcskbcbskb-dropreason triggering a warning in skskbreasondrop. WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 skskbreasondrop...
SUSE CVE-2025-67724
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
CVE-2025-67724
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
HTTP Header Injection
Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to HTTP Header Injection via the reason argument in HTTP status handling. An attacker can inject arbitrary HTTP headers or execute...
CVE-2025-67724
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
AZL-72377 CVE-2025-67724 affecting package python-tornado 6.3.3-11
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
UBUNTU-CVE-2025-67724
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
EUVD-2025-203032
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
CVE-2025-67724 Tornado vulnerable to Header Injection and XSS via reason argument
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...
CVE-2025-67724
Summary (CVE-2025-67724 family: Tornado 6.5.x) Tornado, a Python web framework/networking library, is affected in versions 6.5.2 and earlier. The issue fixes unescaped reason phrases in HTTP headers (header injection risk) and in the default HTML error page (potential XSS) when data is passed to ...
CVE-2025-67724 Tornado vulnerable to Header Injection and XSS via reason argument
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...