Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.7 views

Python Library Tornado < 6.5.6 Multiple Vulnerabilities

The version of the Tornado Python library installed on the remote host is prior to 6.5.6. It is, therefore, affected by multiple vulnerabilities: - When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest, rewrites the URL, decrements maxredirects, and removes...

5.9AI score0.00052EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.8 views

Oracle Linux 9 : python-tornado (ELSA-2026-13670)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-13670 advisory. 6.5.5-1.1 - Update to 6.5.5 Resolves: RHEL-160941 Tenable has extracted the preceding description block directly from the Oracle Linux security...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: pcs (UTSA-2026-006185)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006185 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form- data parser encounters certain errors, it logs a warning but...

7.5CVSS5.9AI score0.00667EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/12/25 12:27 a.m.4 views

SUSE CVE-2025-67726

Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values, such as thos...

7.5CVSS6.5AI score0.00371EPSS
Exploits0References43
OSV
OSV
added 2025/12/20 12:0 a.m.4 views

OPENSUSE-SU-2025:15838-1 python311-tornado6-6.5.4-1.1 on GA media

These are all security issues fixed in the python311-tornado6-6.5.4-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7.1AI score0.00396EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/12/12 5:36 a.m.1 views

CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1CVSS6.4AI score0.00185EPSS
Exploits0
Rows per page
Query Builder