477 matches found
Important: python-werkzeug
Issue Overview: Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory ...
CBL Mariner 2.0 Security Update: python-werkzeug (CVE-2023-25577)
The version of python-werkzeug installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-25577 advisory. - Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform (collectd-libpod-stats) security update
An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2022-41333
An uncontrolled resource consumption vulnerability (CWE-400) in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.0 (python-werkzeug) security update
An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
K25165813: BIG-IP SSL connection Alert Timeout security exposure
Security Advisory Description: The mitigation for K41515225: BIG-IP SSL connection security exposure may not work in all conditions. If after applying the workaround in K41515225: BIG-IP SSL connection security exposure, setting the Alert Timeout to its minimum value of 1 second, you continue to...
Werkzeug may allow high resource usage when parsing multipart form data with many fields
...
Denial Of Service (DoS)
werkzeug is vulnerable to Denial of Service (DoS) attacks. An attacker is able to cause denial of service conditions by sending a crafted multipart data segment with many file parts to an endpoint which uses request.data, request.form, request.files, or request.get_data, causing high resource usage,...
GHSA-XG9F-G7G7-2323 High resource usage when parsing multipart form data with many fields
Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form,...
SUSE CVE-2018-1000893
Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when deserializing transactions...
SUSE CVE-2021-28698
Long running loops in grant table handling. In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones...
CVE-2023-25577
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. ...
CVE-2023-25577 Werkzeug may allow high resource usage when parsing multipart form data with many fields
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. ...
CVE-2023-25577
Werkzeug prior to 2.2.3 contains a DoS vulnerability in its multipart form data parser that can parse an unlimited number of parts (including file parts). Attacks that send crafted multipart data to endpoints reading request.data, request.form, request.files, or request.get_data(parse_form_data=F...
CVE-2023-25577
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. ...
CVE-2023-25577 Werkzeug may allow high resource usage when parsing multipart form data with many fields
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. ...
Denial of Service (DoS)
Overview: publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Denial of Service (DoS) when a user supplies an excessively long value for the title field of an article and convinces another user to access it. Detail...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) by sending an invalid request to an exposed endpoint. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...
PT-2023-9379 · Zabbix +3
Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified). Description: The issue is related to uncontrolled CPU, memory, and disk I/O utilization caused by JavaScript preprocessing, webhooks, and global scripts. This can be exploited to cause a denial of servic...
CVE-2022-4565
A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the...