74 matches found

Rockylinux
added 6 days ago, 9 views

python-gevent security update

An update is available for python-gevent. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. gevent is a coroutine-based Python networking library that uses greenle...

9.8 CVSS | 5.8 AI score | 0.03974 EPSS
Exploits: 1

Tenable Nessus
added 6 days ago, 3 views

RockyLinux 8 : python-gevent (RLSA-2024:8834)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:8834 advisory. python-gevent: privilege escalation via a crafted script to the WSGIServer component (CVE-2023-41419). Tenable has extracted the preceding description block directly...

9.8 CVSS | 5.8 AI score | 0.03974 EPSS
Exploits: 1 | References: 3

ATTACKERKB
added 2026/05/06 1:50 p.m., 5 views

CVE-2025-52613

HCL BigFix Service Management (SM) is affected by the use of a vulnerable WSGI server. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access...

4.6 CVSS | 5.8 AI score | 0.00084 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/05/06 1:50 p.m., 3 views

CVE-2025-52613 HCL BigFix Service Management (SM) is affected by use of a vulnerable component

HCL BigFix Service Management (SM) is affected by the use of a vulnerable WSGI server. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access...

4.6 CVSS | 5.8 AI score | 0.00084 EPSS
Exploits: 0 | References: 1

NVD
added 2026/04/09 10:16 p.m., 2 views

CVE-2026-40115

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...

7.5 CVSS | 0.00076 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/09 12:00 a.m., 5 views

PT-2026-31784

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...

6.2 CVSS | 6 AI score | 0.00076 EPSS
Exploits: 1 | References: 5

Tenable Nessus
added 2026/01/20 12:00 a.m., 2 views

MiracleLinux 8 : python-gevent-1.2.2-5.el8_10 (AXSA:2024-8990:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8990:01 advisory. python-gevent: privilege escalation via a crafted script to the WSGIServer component (CVE-2023-41419). Tenable has extracted the preceding description block...

9.8 CVSS | 5.6 AI score | 0.03974 EPSS
Exploits: 1 | References: 2

Redos
added 2025/11/25 12:00 a.m., 2 views

ROS-20251125-03

WSGI server gunicorn vulnerability is related to flaws in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the existing security restrictions and execute an HTTP request smuggling attack...

7.5 CVSS | 7 AI score | 0.00029 EPSS
Exploits: 0

Debian
added 2025/11/24 9:50 p.m., 4 views

[SECURITY] [DLA 4377-1] python-gevent security update

Debian LTS Advisory DLA-4377-1, https://www.debian.org/lts/security/, Paride Legovini, November 24, 2025, https://wiki.debian.org/LTS ...

9.8 CVSS | 6.9 AI score | 0.03974 EPSS
Exploits: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-0088

Malware in sbrugna...

5.8 CVSS | 5.6 AI score | 0.002 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0089

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.00265 EPSS
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-7078

Malicious code in bioql PyPI...

6.1 CVSS | 6.3 AI score | 0.00185 EPSS
Exploits: 1 | References: 7

IBM Security Bulletins
added 2025/04/09 4:09 a.m., 10 views

Security Bulletin: Race Condition in Waitress WSGI Server Can Lead to Resource Exhaustion (Fixed in >= 3.0.1)

Summary: Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername(), waitress won't correctly clean up the connection, leading to the main thread attempting to write to a socket that no...

7.2 AI score
Exploits: 0 | Affected Software: 1

Fedora
added 2025/03/17 12:16 a.m., 10 views

[SECURITY] Fedora 42 Update: python-gunicorn-23.0.0-1.fc42

Gunicorn 'Green Unicorn' is a Python WSGI HTTP Server for UNIX. It is a pre-fork worker model. The Gunicorn server is broadly compatible with various web frameworks, simply implemented, light on server resources, and fairly speedy...

7.5 CVSS | 7 AI score | 0.00049 EPSS
Exploits: 0

Redos
added 2024/12/03 12:00 a.m., 13 views

ROS-20241203-17

WSGI server gevent.pywsgi vulnerability in the Python Gevent library is related to insufficient validation of executed requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity, availability, and confidentiality of protected information...

9.8 CVSS | 6.5 AI score | 0.03974 EPSS
Exploits: 1

RedHat Linux
added 2024/11/20 4:28 a.m., 2 views

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (the default), Waitress won't read any more requests, and when th...

9.1 CVSS | 5.8 AI score | 0.00572 EPSS
Exploits: 0 | References: 6

Fedora
added 2024/11/16 2:15 a.m., 10 views

[SECURITY] Fedora 41 Update: python-waitress-3.0.1-1.fc41

Waitress is a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library...

9.1 CVSS | 7.3 AI score | 0.01524 EPSS
Exploits: 0

OSV
added 2024/11/08 3:11 p.m., 2 views

OESA-2024-2375 python-waitress security update

Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.7+ and Python 3.5+. It is also known to run on PyPy 1.6.0+ on...

7.5 CVSS | 6.9 AI score | 0.01524 EPSS
Exploits: 0 | References: 2

OSV
added 2024/11/08 3:11 p.m., 1 view

OESA-2024-2374 python-waitress security update

Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.7+ and Python 3.5+. It is also known to run on PyPy 1.6.0+ on...

7.5 CVSS | 6.9 AI score | 0.01524 EPSS
Exploits: 0 | References: 2

CNNVD
added 2024/10/29 12:00 a.m., 2 views

Waitress security vulnerability

Waitress is a production-quality, pure Python WSGI server from the Pylons project. A security vulnerability existed prior to Waitress version 3.0.1, which stemmed from the inclusion of a race condition issue...

9.1 CVSS | 6.1 AI score | 0.00572 EPSS
Exploits: 0 | References: 3