Lucene search
K

15 matches found

OSV
OSV
added 2026/06/03 2:20 p.m.6 views

SUSE-SU-2026:2256-1 Security update for salt

This update for salt fixes the following issue: Security issues fixed: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: - Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 - Harden...

8.7CVSS5.8AI score0.00375EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.10 views

RockyLinux 10 : python-tornado (RLSA-2026:19034)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19034 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper...

8.7CVSS5.8AI score0.00375EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/26 3:3 a.m.16 views

Moderate: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

8.7CVSS7.1AI score0.00375EPSS
Exploits0References3
OSV
OSV
added 2026/05/06 6:2 a.m.9 views

RLSA-2026:13670 Moderate: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

5.4CVSS7.3AI score0.00375EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RockyLinux 9 : python-tornado (RLSA-2026:13670)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13670 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper handli...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/05 10:29 a.m.13 views

Moderate: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/05 9:22 a.m.10 views

Moderate: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.7CVSS7.2AI score0.00375EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/29 5:59 a.m.12 views

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

9.8CVSS8.8AI score0.01735EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.28 views

MiracleLinux 8 : pcs-0.10.18-2.el8_10.9.ML.1 (AXSA:2026-468:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-468:04 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 Tenable has extracted the preceding description block directly from the...

8.7CVSS5.8AI score0.00375EPSS
Exploits0References2
OSV
OSV
added 2026/04/14 12:0 a.m.6 views

ALSA-2026:8093 Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 For more details about the security issues, including the impact, a CVSS score,...

8.7CVSS5.8AI score0.00375EPSS
Exploits0References4
OSV
OSV
added 2026/01/21 12:0 a.m.7 views

ALSA-2026:0930 Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: tornado: Tornado Quadratic DoS via Repeated Header Coalescing CVE-2025-67725 tornado: Tornado Quadratic DoS via Crafted Multipart Parameters CVE-2025-67726 For more details about...

7.5CVSS5.5AI score0.00396EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.8 views

MiracleLinux 8 : pcs-0.10.18-2.el8_10.5.ML.1 (AXSA:2025-10529:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10529:04 advisory. rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser CVE-2025-46727 tornado: Tornado Multipart Form-Data Denial of Service CVE-2025-47287...

7.5CVSS6.9AI score0.00911EPSS
Exploits0References3
OSV
OSV
added 2025/12/12 6:13 a.m.5 views

CVE-2025-67726 Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters

Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values, such as thos...

7.5CVSS6.7AI score0.00371EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2025/10/04 12:11 a.m.7 views

python-tornado security update

An update is available for python-tornado. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

7.5CVSS7AI score0.00667EPSS
Exploits0
Veracode
Veracode
added 2025/05/20 4:59 a.m.18 views

Denial Of Service (DoS)

Tornado is vulnerable to a Denial Of Service DoS. The vulnerability is due to Tornado’s multipart/form-data parser continuing to process data after encountering errors, allows an attacker to generate excessive synchronous logging...

7.5CVSS7.3AI score0.00667EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder