34 matches found
Alibaba Cloud Linux 3 : 0160: python-werkzeug (ALINUX3-SA-2024:0160)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0160 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-23934: Werkzeug is a comprehensiv...
Advisory ROSA-SA-2024-2530
Software: python3-werkzeug 1.0.1 OS: rosa-server79 packageevrstring: python3-werkzeug-1.0.1-2.res7 CVE-ID: CVE-2023-25577 BDU-ID: 2023-02343 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the WSGI Werkzeug web application library is related to the application not properly controlling the...
RHEL 7 : python-werkzeug (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-werkzeug: cookie prefixed with = can shadow unprefixed cookie CVE-2023-23934 - Werkzeug is a...
Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets...
RHEL 9 : Red Hat OpenStack Platform 17.0 (python-werkzeug) (RHSA-2023:1018)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1018 advisory. Werkzeug ======== Werkzeug started as simple collection of various utilities for WSGI applications and has become one of the most advanced...
Oracle Linux 8 : python-werkzeug (ELSA-2023-12709)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-12709 advisory. - Fix CVE-2023-23934 Orabug: 35662419 - Fix CVE-2023-25577 Orabug: 35662419 Tenable has extracted the preceding description block directly from the...
Debian DSA-5470-1 : python-werkzeug - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5470 advisory. - Werkzeug is a comprehensive WSGI web application library. Browsers may allow nameless cookies that look like =value instead of key=value. A vulnerable browser m...
[SECURITY] [DSA 5470-1] python-werkzeug security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5470-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 06, 2023 https://www.debian.org/security/faq -...
python-werkzeug security update
0.12.2-4.0.1 - Fix CVE-2023-23934 Orabug: 35662419 - Fix CVE-2023-25577 Orabug: 35662419 - enable tests Orabug: 35662419...
Security Bulletin: Vulnerability in werkzeug may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2023-25577, CVE-2023-23934)
Summary Vulnerabilities in werkzeug may affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include: Werkzeug allowing remote attacker to bypass security restrictions and denial of service. Vulnerability Details CVEID:CVE-2023-23934 DESCRIPTION: Pallets Werkzeug could allow a remote...
Security Bulletin: Wekzeug is vulnerable to CVE-2023-25577 and CVE-2023-23934 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Wekzeug which is vulnerable to CVE-2023-25577 and CVE-2023-23934. Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart form data with man...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Pallets Werkzeug security bypass and denialof service vulnerabilities( CVE-2023-23934, CVE-2023-25577)
Summary Potential Pallets Werkzeug security bypass and denial of service vulnerabilities CVE-2023-23934, CVE-2023-25577 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-23934...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Pallets Werkzeug ( CVE-2023-23934)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Pallets Werkzeug, caused by improper input validation. CVE-2023-23934. Pallets Werkzeug is included as part of the runtimes in our service. This vulnerabilitiy has been...
Ubuntu: Security Advisory (USN-5948-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5948-2: Werkzeug vulnerabilities
USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the corresponding updates for Ubuntu 23.04. Original advisory details: It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookie...
Ubuntu 23.04 : Werkzeug vulnerabilities (USN-5948-2)
The remote Ubuntu 23.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5948-2 advisory. USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the corresponding updates for Ubuntu 23.04. Tenable has extracted the preceding descriptio...
Security Bulletin: Vulnerabilities in Flask and Pallets Werkzeug may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2023-30861, CVE-2023-25577, CVE-2023-23934)
Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Flask and Pallets Werkzeug include obtain sensitive information, denial of service attacks and bypass security restrictions, as described by the CVEs in the "Vulnerability Details"...
EulerOS 2.0 SP5 : python-werkzeug (EulerOS-SA-2023-2167)
According to the versions of the python-werkzeug package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Werkzeug is a comprehensive WSGI web application library. Browsers may allow 'nameless' cookies that look like =value instead of...
Medium: python-werkzeug
Issue Overview: Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =Host-test=bad for...
Amazon Linux 2023 : python3-werkzeug (ALAS2023-2023-149)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-149 advisory. Werkzeug is a comprehensive WSGI web application library. Browsers may allow nameless cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an...