74 matches found
Pallets Werkzeug <0.15.5 - Local File Inclusion
Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names such as C: in Windows pathnames. id: CVE-2019-14322 info: name: Pallets Werkzeug 0.15.5 - Local File Inclusion author: madrobot severity: high description: | Pallets Werkzeug...
ROS-20251229-7301
A vulnerability in the Pallets Werkzeug web application library is related to uncontrolled resource consumption in werkzeug.formparser.MultiPartParser. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition...
EUVD-2019-0160
Malware in sbrugna...
EUVD-2017-0141
Malware in sbrugna...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Pallets Werkzeug (CVE-2023-46136)
Summary Pallets Werkzeug is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-46136. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution, in Pallets Werkzeug [CVE-2024-34069]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution, in Pallets Werkzeug, caused by improper usage of a pathname and improper CSRF protection in the debugger (CVE-2024-34069). Pallets Werkzeug is used by our Speech Service runtimes. Th...
Security Bulletin: Vulnerability in Pallets Werkzeug affects IBM Process Mining CVE-2024-34069
Summary There is a vulnerability in Pallets Werkzeug that could allow an attacker to gain elevated privileges on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2024-34069...
Pallets Werkzeug Security Vulnerability
Pallets Werkzeug is a WSGI web application library. A security vulnerability exists in Pallets Werkzeug versions prior to 3.0.3, which stems from the Werkzeug debugger's susceptibility to remote execution when interacting with an attacker-controlled domain...
Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Pallets Werkzeug [CVE-2023-46136]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Pallets Werkzeug, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF character at the beginning (CVE-2023-46136). Pallets Werkzeug is used in our Speech...
Security Bulletin: Vulnerability in Cryptography, Werkzeug might affect IBM Storage Sentinel Anomaly Scan Engine (CVE-2023-49083, CVE-2023-46136)
Summary Vulnerabilities in Python cryptography and Pallets Werkzeug may affect IBM Storage Sentinel Anomaly Scan Engine. Vulnerabilities include: Python cryptography and Pallets Werkzeug allowing a remote attacker to cause a denial of service as described by the CVEs in the "Vulnerability Details"...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Pallets Werkzeug (CVE-2023-46136)
Summary A vulnerability in Pallets Werkzeug used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 8 Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart form data with many fields. By...
Security Bulletin: Vulnerabilities in Pallets Werkzeug, urllib3 and Cryptography [CVE-2023-46136, CVE-2023-45803, CVE-2023-49083]
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Pallets Werkzeug, urllib3 and Cryptography, which include denial of service and obtaining sensitive information, as described by the CVEs in the "Vulnerability Details" section. These...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Pallets Werkzeug denial of service vulnerability [CVE-2023-46136]
Summary A potential Pallets Werkzeug denial of service vulnerability has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. CVE-2023-4613 Vulnerability Details CVEID:CVE-2023-46136...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Pallets Werkzeug
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Pallets Werkzeug. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart/form-data containing a large...
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to denial of service due to Pallets Werkzeug (CVE-2023-46136)
Summary The Python library Pallets Werkzeug is used by IBM Storage Fusion HCI's backup and restore function for WSGI utilities. A vulnerability in this library could lead to denial of service as described by the CVE listed in the "Vulnerability Details" section. Vulnerability Details...
Security Bulletin: IBM Storage Fusion may be vulnerable to denial of service due to Pallets Werkzeug (CVE-2023-46136)
Summary The Python library Pallets Werkzeug is used by IBM Storage Fusion's backup and restore function for WSGI utilities. A vulnerability in this library could lead to denial of service as described by the CVE listed in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2023-4613...
CVE-2022-29361
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations...