Lucene search
+L

385 matches found

Tenable Nessus
Tenable Nessus
added 2024/11/16 12:0 a.m.14 views

Fedora 41 : python-waitress (2024-157678aad0)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-157678aad0 advisory. Update to version 3.0.1, which resolves CVE-2024-49768 and CVE-2024-49769. Tenable has extracted the preceding description block directly from the...

9.1CVSS6.7AI score0.01386EPSS
Exploits0References3
Veracode
Veracode
added 2024/11/11 7:30 a.m.10 views

HTTP Request Smuggling (HRS)

Waitress is vulnerable to HTTP Request Smuggling HRS. The vulnerability is due to improper handling of request lookahead and parsing in HTTP pipelining. When request lookahead is enabled, the server processes the first request, but due to a race condition, it may start handling the second request...

9.1CVSS6.5AI score0.00496EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/11/11 7:29 a.m.10 views

Denial Of Service (DoS)

Waitress is vulnerable to Denial Of Service DoS. The vulnerability is due to a race condition where, if a remote client closes the connection before Waitress calls getpeername, allows an attacker to trigger a busy-loop in the server, causing it to repeatedly attempt writing to a non-existent sock...

7.5CVSS7AI score0.01386EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/11/08 3:11 p.m.4 views

OESA-2024-2377 python-waitress security update

Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.7+ and Python 3.5+. It is also known to run on PyPy 1.6.0+ on...

7.5CVSS6.9AI score0.01386EPSS
Exploits0References2
OSV
OSV
added 2024/11/08 3:11 p.m.4 views

OESA-2024-2376 python-waitress security update

Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.7+ and Python 3.5+. It is also known to run on PyPy 1.6.0+ on...

7.5CVSS6.9AI score0.01386EPSS
Exploits0References2
OSV
OSV
added 2024/11/08 3:11 p.m.6 views

OESA-2024-2375 python-waitress security update

Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.7+ and Python 3.5+. It is also known to run on PyPy 1.6.0+ on...

7.5CVSS6.9AI score0.01386EPSS
Exploits0References2
OSV
OSV
added 2024/11/08 3:11 p.m.5 views

OESA-2024-2374 python-waitress security update

Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.7+ and Python 3.5+. It is also known to run on PyPy 1.6.0+ on...

7.5CVSS6.9AI score0.01386EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/11/04 12:0 a.m.9 views

SUSE: Security Advisory (SUSE-SU-2024:3876-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.3AI score0.01386EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/11/02 12:0 a.m.16 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-waitress (SUSE-SU-2024:3876-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3876-1 advisory. - CVE-2024-49768: Fixed request processing race condition in HTTP pipelining with invalid first...

9.1CVSS6.6AI score0.01386EPSS
Exploits0References7
SUSE Linux
SUSE Linux
added 2024/11/01 3:29 p.m.6 views

Security update for python-waitress

This update for python-waitress fixes the following issues: CVE-2024-49768: Fixed request processing race condition in HTTP pipelining with invalid first request when lookahead is enabled bsc1232556 CVE-2024-49769: Fixed incorrect connection clean up leads to a busy-loop and resource exhaustion...

9.1CVSS7.5AI score0.01386EPSS
Exploits0References8
OSV
OSV
added 2024/11/01 3:29 p.m.13 views

SUSE-SU-2024:3876-1 Security update for python-waitress

This update for python-waitress fixes the following issues: - CVE-2024-49768: Fixed request processing race condition in HTTP pipelining with invalid first request when lookahead is enabled bsc1232556 - CVE-2024-49769: Fixed incorrect connection clean up leads to a busy-loop and resource exhausti...

9.1CVSS6.9AI score0.01386EPSS
Exploits0References5
OSV
OSV
added 2024/11/01 11:9 a.m.6 views

OESA-2024-2333 python-waitress security update

Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.7+ and Python 3.5+. It is also known to run on PyPy 1.6.0+ on...

9.1CVSS6.9AI score0.00496EPSS
Exploits0References2
OSV
OSV
added 2024/11/01 11:9 a.m.4 views

OESA-2024-2336 python-waitress security update

Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.7+ and Python 3.5+. It is also known to run on PyPy 1.6.0+ on...

9.1CVSS6.9AI score0.00496EPSS
Exploits0References2
OSV
OSV
added 2024/11/01 11:9 a.m.5 views

OESA-2024-2335 python-waitress security update

Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.7+ and Python 3.5+. It is also known to run on PyPy 1.6.0+ on...

9.1CVSS6.9AI score0.00496EPSS
Exploits0References2
OSV
OSV
added 2024/11/01 11:9 a.m.5 views

OESA-2024-2334 python-waitress security update

Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.7+ and Python 3.5+. It is also known to run on PyPy 1.6.0+ on...

9.1CVSS6.9AI score0.00496EPSS
Exploits0References2
OSV
OSV
added 2024/10/31 12:0 a.m.10 views

OPENSUSE-SU-2024:14445-1 python310-waitress-3.0.1-1.1 on GA media

These are all security issues fixed in the python310-waitress-3.0.1-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS8.5AI score0.01386EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/10/30 4:3 a.m.3 views

SUSE CVE-2024-49768

Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more requests, and when the...

7.4CVSS6.8AI score0.00496EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/10/30 4:3 a.m.7 views

SUSE CVE-2024-49769

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername waitress won't correctly clean up the connection leading to the main thread attempting to write to a socket that no longer...

7.5CVSS6.8AI score0.01386EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2024/10/29 4:30 p.m.20 views

CVE-2024-49768

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

4.8CVSS9AI score0.00496EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2024/10/29 3:55 p.m.15 views

CVE-2024-49769

A flaw was found in the Waitress WSGI server for Python. When a remote client closes the connection before waitress has had the opportunity to call getpeername, waitress will incorrectly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, and...

7.5CVSS7.3AI score0.01386EPSS
Exploits0References7
Rows per page
Query Builder