13 matches found
Bandit Security Vulnerability
Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit version 0.3.6 through versions prior to 1.11.0, which stems from HTTP/2 frame deserialization that buffers the entire body of a frame before checking the size...
Tornado Security Vulnerability
Tornado is a Python web framework and asynchronous networking library from Tornado China. This library can scale to thousands of open connections by using non-blocking network I/O, making it ideal for applications that require long polling, WebSocket, and other scenarios where long-term...
[SECURITY] Fedora 41 Update: python-starlette-0.42.0-3.fc41
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: • A lightweight, low-complexity HTTP web framework. • WebSocket support. • In-process background tasks. ...
[SECURITY] Fedora 42 Update: python-starlette-0.47.3-2.fc42
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: • A lightweight, low-complexity HTTP web framework. • WebSocket support. • In-process background tasks. ...
[SECURITY] Fedora 43 Update: python-starlette-0.49.1-1.fc43
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: • A lightweight, low-complexity HTTP web framework. • WebSocket support. • In-process background tasks. ...
EUVD-2022-7228
Malicious code in bioql PyPI...
Moderate: Red Hat Security Advisory: .NET 7.0 security update
An update for .NET 7.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Moderate: .NET 7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.117 and .NET Runtime 7.0.17...
jetty: Resource exhaustion when receiving an invalid large TLS frame
When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resource utilization. The highest threat from this vulnerability is to service availability...
GitHub Security Lab: Initial websocket support for Javascript (SockJS)
This bug was reported directly to GitHub Security Lab...
SUSE-SU-2017:2257-1 Security update for SUSE Manager Server 3.1
This update for the SUSE Manager Server 3.1 provides several fixes and improvements. The following security issues have been fixed: jabberd: - Fix offered SASL mechanism check. bsc1047282, CVE-2017-10807 spacewalk-java: - Do not allow XSS as Organization name. bsc1048968, CVE-2017-7538...
SUSE-SU-2017:2266-1 Security update for SUSE Manager Proxy 3.1
This update for SUSE Manager Proxy 3.1 provides several fixes and improvements: The following security issues have been fixed: jabberd: - Fix offered SASL mechanism check. bsc1047282, CVE-2017-10807 Additionally, the following non-security issues have been fixed: jabberd: - Fix memory leak in pgs...
SuSE 11.3 Security Update : apache2 (SAT Patch Number 10533)
The Apache2 webserver was updated to fix various issues. The following feature was added: - Provide support for the tunneling of web socket connections to a backend websockets server. FATE316880 The following security issues have been fixed: - The mod_headers module in the Apache HTTP Server...