1576 matches found
Remote Code Execution (RCE)
werkzeug is vulnerable to Remote Code Execution. The vulnerability is due to the debugger accepting requests from non localhost locations, which allows an attacker to execute arbitrary code under specific situations. The prerequisites to this attack are the attacker must convince a developer into...
SUSE CVE-2024-34069
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
CVE-2024-34069
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
AZL-40466 CVE-2024-34069 affecting package python-werkzeug for versions less than 2.3.7-2
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
DEBIAN-CVE-2024-34069
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
AZL-40372 CVE-2024-34069 affecting package python-werkzeug for versions less than 3.0.3-1
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
CVE-2024-34069
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
UBUNTU-CVE-2024-34069
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
CVE-2024-34069
Werkzeug (the Python WSGI library) contains a debugger-only vulnerability tracked as CVE-2024-34069. The issue arises in affected Werkzeug versions where the debugger can let an attacker execute code on a developer’s machine under certain conditions: the attacker must persuade the developer to vi...
CVE-2024-34069
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
CVE-2024-34069 Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
CVE-2024-34069 Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
GHSA-2G68-C3QC-8985 Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it...
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it...
PT-2024-25679
Name of the Vulnerable Software and Affected Versions Werkzeug versions prior to 3.0.3 Description The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact wit...
Pallets Werkzeug 安全漏洞
Pallets Werkzeug is a WSGI web application library. A security vulnerability exists in Pallets Werkzeug versions prior to 3.0.3, which stems from the Werkzeug debugger's susceptibility to remote execution when interacting with an attacker-controlled domain...
GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints
This is the companion code for the paper: 'Fuzzing Embedded Systems using Debugger Interfaces'. A preprint of the paper can be found here https://publications.cispa.saarland/3950/. The code allows the users to reproduce and extend the results reported in the paper. Please cite the above paper whe...
Fedora: Security Advisory for antlrworks (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: antlrworks-1.5.2-29.fc40
ANTLRWorks is a novel grammar development environment for ANTLR v3 grammars written by Jean Bovet with suggested use cases from Terence Parr. It combin es an excellent grammar-aware editor with an interpreter for rapid prototyping a nd a language-agnostic debugger for isolating grammar errors...
BIT-REDIS-2021-32672 Vulnerability in Lua Debugger in Redis
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support 3.2 or newer...