36 matches found
RHCOS 9 : OpenShift Container Platform 4.13.24 (RHSA-2023:7477)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7477 advisory. - python-werkzeug: high resource consumption leading to denial of service CVE-2023-46136 Note that Nessus has not tested for this issue but h...
OESA-2025-1998 python-werkzeug security update
A comprehensive WSGI web application library Security Fixes: Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal...
Security Bulletin: Werkzeug Multipart Parser Denial of Service via Malformed File Upload
Summary Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on...
Security Bulletin: Vulnerability in Werkzeug affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [ CVE-2023-46136]
Summary The Werkzeug package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2023-46136 Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsin...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Werkzeug-2.3.4-py3-none-any.whl CVE-2023-46136
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Werkzeug-2.3.4-py3-none-any.whl CVE-2023-46136. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial o...
Security Bulletin: IBM Maximo Application Suite - Maximo Visual Inspection Component uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to this CVE-2023-46136
Summary Security Bulletin: IBM Maximo Application Suite - Maximo Visual Inspection Component uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to this CVE-2023-46136 Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Pallets Werkzeug ( CVE-2023-46136 )
Summary Pallets Werkzeug is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-46136. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF...
CBL Mariner 2.0 Security Update: python-werkzeug (CVE-2023-46136)
The version of python-werkzeug installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46136 advisory. - Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with C...
RHEL 7 : python-werkzeug (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-werkzeug: cookie prefixed with = can shadow unprefixed cookie CVE-2023-23934 - Werkzeug is a...
Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets...
RHEL 9 : OpenShift Container Platform 4.13.24 (RHSA-2023:7477)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7477 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...
RHEL 8 : Red Hat OpenStack Platform 17.1 (python-werkzeug) (RHSA-2024:0189)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0189 advisory. Werkzeug is a WSGI utility module. It includes a debugger, request and response objects, HTTP utilities to handle entity tags, cache control headers,...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Pallets Werkzeug [CVE-2023-46136]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Pallets Werkzeug, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF character at the beginning CVE-2023-46136. Pallets Werkzeug is used in our Speech...
CVE-2023-46136 affecting package python-werkzeug for versions less than 3.0.1-1
CVE-2023-46136 affecting package python-werkzeug for versions less than 3.0.1-1. An upgraded version of the package is available that resolves this issue...
RHEL 8 / 9 : OpenShift Container Platform 4.12.45 (RHSA-2023:7610)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7610 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
RHEL 8 / 9 : OpenShift Container Platform 4.14.4 (RHSA-2023:7473)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7473 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Security Bulletin: Vulnerability in Cryptography, Werkzeug might affect IBM Storage Sentinel Anomaly Scan Engine (CVE-2023-49083, CVE-2023-46136)
Summary Vulnerabilities in python cryptography and pallets werkzeug may affect IBM Storage Sentinel Anomaly Scan Engine. Vulnerabilities include: Python cryptography and Pallets Werkzeugh allowing remote attacker cause a denial of service as described by the CVEs in the "Vulnerability Details"...
openSUSE: Security Advisory for python (SUSE-SU-2023:4288-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Pallets Werkzeug denial of service vulnerabilitiy [ CVE-2023-46136]
Summary Potential Pallets Werkzeug denial of service vulnerabilitiy have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. CVE-2023-4613 Vulnerability Details CVEID:CVE-2023-46136...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Pallets Werkzeug
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Pallets Werkzeug. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart/form-data containing a large...