167 matches found
Astra Linux - vulnerability in python-werkzeug
Werkzeug is a comprehensive WSGI web application library. Browsers may allow “nameless” cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on a neighboring subdomain to exploit this to set a cookie like =__Host-test=bad for another subdomain...
RHCOS 9 : OpenShift Container Platform 4.15.30 (RHSA-2024:6016)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6016 advisory. - python-werkzeug: user may execute code on a developer's machine (CVE-2024-34069) Note that Nessus has not tested for this issue but has inste...
Astra Linux - vulnerability in python-werkzeug
Werkzeug is a comprehensive WSGI web application library. In affected versions of Werkzeug, the debugger can allow an attacker to execute code on a developer’s machine under certain circumstances. This requires the attacker to get the developer to interact with a domain and subdomain that they...
NewStart CGSL MAIN 7.02 : python-werkzeug Vulnerability (NS-SA-2025-0136)
The remote NewStart CGSL host, running version MAIN 7.02, has python-werkzeug packages installed that are affected by a vulnerability: - Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's...
python-werkzeug: cookie prefixed with = can shadow unprefixed cookie
A flaw was found in python-werkzeug. Browsers may allow "nameless" cookies like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie for another subdomain. If a Werkzeug application is running next to a...
python-werkzeug: high resource consumption leading to denial of service
A resource consumption flaw was found in python-werkzeug. If a specially crafted file is uploaded by a remote attacker, it may cause a denial of service...
python-werkzeug: high resource usage when parsing multipart form data with many fields
A flaw was found in python-werkzeug. Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...
Fedora: Security Advisory (FEDORA-2024-08eb67ed86)
The remote host is missing an update for the...
Astra Linux - vulnerability in python-werkzeug
Werkzeug is a comprehensive WSGI web application library. If an uploaded file starts with CR or LF and is followed by megabytes of data without these characters, all of these bytes are appended chunk by chunk into an internal bytearray, and the lookup for the boundary is performed on the growing...
python-werkzeug: high resource usage when parsing multipart form data with many fields
A flaw was found in python-werkzeug. Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...
Debian: Security Advisory (DLA-4062-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 4062-1] python-werkzeug security update
Debian LTS Advisory DLA-4062-1 https://www.debian.org/lts/security/ Chris Lamb February 21, 2025 https://wiki.debian.org/LTS...
Debian dla-4062 : python-werkzeug-doc - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4062 advisory. - Debian LTS Advisory DLA-4062-1 https://www.debian.org/lts/security/...
DLA-4062-1 python-werkzeug - security update
Bulletin has no description...
Azure Linux 3.0 Security Update: python-werkzeug (CVE-2024-49767)
The version of python-werkzeug installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49767 advisory. - Werkzeug is a Web Server Gateway Interface web application library. Applications using...
CBL Mariner 2.0 Security Update: python-werkzeug (CVE-2024-49767)
The version of python-werkzeug installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49767 advisory. - Werkzeug is a Web Server Gateway Interface web application library. Applications using...
CVE-2024-49767 affecting package python-werkzeug for versions less than 2.3.7-3
CVE-2024-49767 affecting package python-werkzeug for versions less than 2.3.7-3. A patched version of the package is available...
CVE-2024-49767 affecting package python-werkzeug for versions less than 3.0.3-2
CVE-2024-49767 affecting package python-werkzeug for versions less than 3.0.3-2. A patched version of the package is available...
RHSA-2024:10696 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-werkzeug) security update
Bulletin has no description...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-werkzeug) security update
An update for python-werkzeug is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...