Lucene search
+L

16 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 10:8 a.m.3 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to Werkzeug

Summary Werkzeug is used by IBM Cloud Pak for Data System 1.0 as a WSGI web application library. Multiple vulnerabilities affect Werkzeug. CVE-2024-49767 involves a resource exhaustion vulnerability in the multipart/form-data parser where a specifically crafted form submission can cause the parse...

7.5CVSS7.2AI score0.01102EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:50 p.m.7 views

Security Bulletin: IBM Storage Ceph is vulnerable to Path Traversal and Uncontrolled Resource Consumption in Werkzeug (CVE-2024-49766, CVE-2024-49767)

Summary Werkzeug is used by IBM Storage Ceph for the Web Server Gateway Interface. CVE-2024-49766 CVE-2024-49767This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2024-49766 DESCRIPTION: Werkzeug is a Web Server Gateway...

7.5CVSS6.7AI score0.01102EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:50 a.m.49 views

Security Bulletin: Denial of service, directory traversal, and other vulnerabilities might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable to denial of service, directory traversal, and others. The vulnerabilities have been addressed. CVE-2024-49767, CVE-2024-49766, CVE-2024-39614, CVE-2024-38875, CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-47119,...

9.1CVSS8.9AI score0.28637EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 3:31 a.m.18 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to werkzeug-3.0.4-py3-none-any.whl CVE-2024-49766

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to werkzeug-3.0.4-py3-none-any.whl CVE-2024-49766. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-49766 DESCRIPTION: Werkzeug is a Web Server Gateway Interface w...

7.5CVSS7.3AI score0.01102EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/05 9:48 a.m.31 views

Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538

Summary IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture...

8.7CVSS6.8AI score0.01102EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.20 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS7.2AI score0.01102EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.22 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses werkzeug-3.0.3-py3-none-any.whl which is vulnerable to this CVE-2024-49766 and CVE-2024-49767

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses werkzeug-3.0.3-py3-none-any.whl which is vulnerable to this CVE-2024-49766 and CVE-2024-49767. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS7.2AI score0.01102EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/04 9:59 p.m.19 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Werkzeug

Summary Multiple vulnerabilities in Werkzeug used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-49766 DESCRIPTION: Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug versi...

7.5CVSS6.4AI score0.01102EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2024/10/29 4:17 a.m.6 views

SUSE CVE-2024-49766

Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch...

6.3CVSS7.5AI score0.00786EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/10/25 9:55 p.m.14 views

CVE-2024-49766

A flaw was found in Werkzeug. In Python versions below v3.11 on Windows, os.path.isabs does not catch UNC paths such as //server/share. Werkzeug's safejoin relies on this check and can produce a path that is not safe, which can allow unintended access to data...

3.7CVSS6.2AI score0.00786EPSS
Exploits0References6
Wolfi
Wolfi
added 2024/10/25 8:15 p.m.72 views

CVE-2024-49766 vulnerabilities

Vulnerabilities for packages: mlflow, kubeflow-jupyter-web-app, emissary, superset, py3-werkzeug, kubeflow-pipelines-visualization-server, kubeflow-volumes-web-app...

6.3CVSS5.4AI score0.00786EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2024/10/25 8:15 p.m.4 views

CVE-2024-49766

Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch...

6.3CVSS6.8AI score0.00786EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2024/10/25 7:43 p.m.6 views

a2grunnerp (>=0.1.0 <=0.1.8), a4t-sale-discount (=5.0.2) +2496 more potentially affected by CVE-2024-49766 via werkzeug (>=0.10.1 <=3.0.4)

werkzeug PYPI version =0.10.1, =0.1.0, =1.0.2, =0.10.3, =1.8.8, =0.8.44.4, =4.2.0, =0.4.0, =0.9.2, =0.1.0, =0.0.1, =0.0.4 - adfotg =0.4.0 and more Source cves: CVE-2024-49766 Source advisory: OSV:GHSA-F9VJ-2WH5-FJ8J...

6.3CVSS6.7AI score0.00786EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/10/25 7:22 p.m.24 views

CVE-2024-49766

Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch...

6.3CVSS6.5AI score0.00786EPSS
Exploits0
OSV
OSV
added 2024/10/25 7:22 p.m.15 views

CVE-2024-49766 Werkzeug safe_join not safe on Windows

Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch...

6.3CVSS6.6AI score0.00786EPSS
Exploits0References6
CVE
CVE
added 2024/10/25 7:22 p.m.312 views

CVE-2024-49766

CVE-2024-49766 — Werkzeug UNC Path Validation Issue : Werkzeug on Windows with Python &lt;3.11 fails to catch UNC paths in os.path.isabs(), causing safe_join() to produce potentially unsafe paths. Vulnerable scenarios affect apps using Python =3.11 or non-Windows environments are not affected. A ...

6.3CVSS6.5AI score0.00786EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder