Lucene search
K

34 matches found

Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.9 views

Alibaba Cloud Linux 3 : 0160: python-werkzeug (ALINUX3-SA-2024:0160)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0160 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-23934: Werkzeug is a comprehensiv...

7.5CVSS6.5AI score0.0142EPSS
Exploits0References3
Rosalinux
Rosalinux
added 2024/11/26 9:41 a.m.25 views

Advisory ROSA-SA-2024-2530

Software: python3-werkzeug 1.0.1 OS: rosa-server79 packageevrstring: python3-werkzeug-1.0.1-2.res7 CVE-ID: CVE-2023-25577 BDU-ID: 2023-02343 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the WSGI Werkzeug web application library is related to the application not properly controlling the...

7.5CVSS6.9AI score0.0142EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.22 views

RHEL 7 : python-werkzeug (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-werkzeug: cookie prefixed with = can shadow unprefixed cookie CVE-2023-23934 - Werkzeug is a...

7.4AI score0.01072EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/29 4:48 p.m.41 views

Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets...

8.6CVSS8.6AI score0.55526EPSS
Exploits11Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.33 views

RHEL 9 : Red Hat OpenStack Platform 17.0 (python-werkzeug) (RHSA-2023:1018)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1018 advisory. Werkzeug ======== Werkzeug started as simple collection of various utilities for WSGI applications and has become one of the most advanced...

7.5CVSS6.6AI score0.0142EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/08/15 12:0 a.m.29 views

Oracle Linux 8 : python-werkzeug (ELSA-2023-12709)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-12709 advisory. - Fix CVE-2023-23934 Orabug: 35662419 - Fix CVE-2023-25577 Orabug: 35662419 Tenable has extracted the preceding description block directly from the...

7.5CVSS6.5AI score0.0142EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/08/07 12:0 a.m.29 views

Debian DSA-5470-1 : python-werkzeug - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5470 advisory. - Werkzeug is a comprehensive WSGI web application library. Browsers may allow nameless cookies that look like =value instead of key=value. A vulnerable browser m...

7.5CVSS6.4AI score0.0142EPSS
Exploits0References8
Debian
Debian
added 2023/08/06 12:38 p.m.29 views

[SECURITY] [DSA 5470-1] python-werkzeug security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5470-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 06, 2023 https://www.debian.org/security/faq -...

7.5CVSS7.1AI score0.0142EPSS
Exploits0
Oracle linux
Oracle linux
added 2023/08/06 12:0 a.m.80 views

python-werkzeug security update

0.12.2-4.0.1 - Fix CVE-2023-23934 Orabug: 35662419 - Fix CVE-2023-25577 Orabug: 35662419 - enable tests Orabug: 35662419...

7.5CVSS7.1AI score0.0142EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/28 2:50 p.m.34 views

Security Bulletin: Vulnerability in werkzeug may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2023-25577, CVE-2023-23934)

Summary Vulnerabilities in werkzeug may affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include: Werkzeug allowing remote attacker to bypass security restrictions and denial of service. Vulnerability Details CVEID:CVE-2023-23934 DESCRIPTION: Pallets Werkzeug could allow a remote...

7.5CVSS6.1AI score0.0142EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 5:29 p.m.31 views

Security Bulletin: Wekzeug is vulnerable to CVE-2023-25577 and CVE-2023-23934 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Wekzeug which is vulnerable to CVE-2023-25577 and CVE-2023-23934. Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart form data with man...

7.5CVSS6.1AI score0.0142EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/06 5:50 p.m.42 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Pallets Werkzeug security bypass and denialof service vulnerabilities( CVE-2023-23934, CVE-2023-25577)

Summary Potential Pallets Werkzeug security bypass and denial of service vulnerabilities CVE-2023-23934, CVE-2023-25577 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-23934...

7.5CVSS6.1AI score0.0142EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 8:45 p.m.30 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Pallets Werkzeug ( CVE-2023-23934)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Pallets Werkzeug, caused by improper input validation. CVE-2023-23934. Pallets Werkzeug is included as part of the runtimes in our service. This vulnerabilitiy has been...

3.5CVSS5.3AI score0.00507EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2023/06/22 12:0 a.m.20 views

Ubuntu: Security Advisory (USN-5948-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.1AI score0.0142EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2023/06/20 10:6 p.m.52 views

USN-5948-2: Werkzeug vulnerabilities

USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the corresponding updates for Ubuntu 23.04. Original advisory details: It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookie...

7.5CVSS6.6AI score0.0142EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/06/20 12:0 a.m.46 views

Ubuntu 23.04 : Werkzeug vulnerabilities (USN-5948-2)

The remote Ubuntu 23.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5948-2 advisory. USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the corresponding updates for Ubuntu 23.04. Tenable has extracted the preceding descriptio...

7.5CVSS6.5AI score0.0142EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/19 9:3 a.m.140 views

Security Bulletin: Vulnerabilities in Flask and Pallets Werkzeug may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2023-30861, CVE-2023-25577, CVE-2023-23934)

Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Flask and Pallets Werkzeug include obtain sensitive information, denial of service attacks and bypass security restrictions, as described by the CVEs in the "Vulnerability Details"...

7.5CVSS6.9AI score0.0142EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.45 views

EulerOS 2.0 SP5 : python-werkzeug (EulerOS-SA-2023-2167)

According to the versions of the python-werkzeug package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Werkzeug is a comprehensive WSGI web application library. Browsers may allow 'nameless' cookies that look like =value instead of...

7.5CVSS6.3AI score0.0142EPSS
Exploits0References3
Amazon
Amazon
added 2023/04/10 12:0 a.m.3 views

Medium: python-werkzeug

Issue Overview: Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =Host-test=bad for...

3.5CVSS6.5AI score0.00507EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/04/04 12:0 a.m.31 views

Amazon Linux 2023 : python3-werkzeug (ALAS2023-2023-149)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-149 advisory. Werkzeug is a comprehensive WSGI web application library. Browsers may allow nameless cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an...

3.5CVSS6.3AI score0.00507EPSS
Exploits0References4
Rows per page
Query Builder