RHEL 9 : python-tornado (RHSA-2026:20572)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20572 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

AlmaLinux 10 : python-tornado (ALSA-2026:13641)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:13641 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper handli...

RHEL 10 : python-tornado (RHSA-2026:13641)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:13641 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Tornado vulnerabilities (USN-8198-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8198-1 advisory. It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An...

USN-8198-1 python-tornado vulnerabilities

It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of service. CVE-2026-31958 It was discovered that Tornado did not properly validate characters in cookie values. An attacker could possibly use...

MGASA-2026-0092 Updated python-tornado packages fix security vulnerabilities

Tornado vulnerable to Header Injection and XSS via reason argument. CVE-2025-67724 Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing. CVE-2025-67725 Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters. CVE-2025-67726...

SUSE-SU-2026:0629-1 Security update 5.1.2 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Backport security patches for Salt vendored tornado: CVE-2025-67724: missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: fix DoS via malicious HTTP request bsc1254905 CVE-2025-67726: fix HTTP header parameter parsing...

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

AlmaLinux 8 : pcs (ALSA-2026:0930)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:0930 advisory. tornado: Tornado Quadratic DoS via Repeated Header Coalescing CVE-2025-67725 tornado: Tornado Quadratic DoS via Crafted Multipart Parameters CVE-2025-6772...

USN-7950-1: Tornado vulnerabilities

It was discovered that Tornado incorrectly handled special characters in HTTP headers. An attacker could possibly use this issue to execute a cross- site scripting XSS attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10...

Amazon Linux 2 : python3-tornado, --advisory ALAS2-2025-3109 (ALAS-2025-3109)

The version of python3-tornado installed on the remote host is prior to 5.0.2-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3109 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied...

EUVD-2012-0029

Malware in sbrugna...

RLSA-2025:8254 Important: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser CVE-2025-46727 tornado: Tornado Multipart Form-Data Denial of Service CVE-2025-47287 For more details about the securit...

pcs security update

An update is available for pcs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The pcs packages provide a command-line configuration system for the Pacemaker an...

USN-7150-1: Tornado vulnerabilities

It was discovered that Tornado incorrectly handled a certain redirect. A remote attacker could possibly use this issue to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL. This issue was only addressed in Ubuntu 22.04 LTS,...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Tornado vulnerabilities (USN-7150-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7150-1 advisory. It was discovered that Tornado incorrectly handled a certain redirect. A remote attacker could possibly use...

Security Bulletin: Vulnerabilities in Python, Tornado, and Urllib3 affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore

Summary IBM Spectrum Protect Plus Microsoft® File Systems backup and restore may be affected by vulnerabilities in Python, Tornado. and Urllib3 such as server-side request forgery, HTTP response splitting, buffer overflow, and man-in-the-middle attacks. Vulnerability Details CVEID: CVE-2021-29921...

CVE-2014-9720

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests...