13 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 14 views

Astra Linux - vulnerability in mod-wsgi

A vulnerability was discovered in modwsgi. The X-Client-IP header is not removed from a request sent from a trusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application. The condition necessary to remove the X-Client-IP header is missing...

CVSS 7.5, AI score 7.1, EPSS 0.00461
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-0188

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.4, EPSS 0.01524
Exploits: 0, References: 7

Tenable Nessus
added 2025/09/13 12:0 a.m., 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-eventlet (SUSE-SU-2025:03202-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03202-1 advisory. - CVE-2025-58068: improper handling of HTTP trailer sections in WSGI parser leads to HTTP request...

CVSS 9.1, AI score 5.7, EPSS 0.00106
Exploits: 0, References: 4

OSV
added 2025/09/12 2:24 p.m., 3 views

OESA-2025-2232 python-eventlet security update

Eventlet is a concurrent networking library for Python that allows you to change how you run your code, not how you write it. Security Fixes: Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to...

CVSS 9.1, AI score 6.8, EPSS 0.00106
Exploits: 0, References: 2

NVD
added 2024/10/25 8:15 p.m., 12 views

CVE-2024-49767

Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parse multipart/form-data requests e.g. all flask applications are vulnerable to a relatively simple but effective...

CVSS 7.5, EPSS 0.0112
Exploits: 0, References: 6

Debian CVE
added 2024/10/25 7:41 p.m., 15 views

CVE-2024-49767

Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parse multipart/form-data requests e.g. all flask applications are vulnerable to a relatively simple but effective...

CVSS 7.5, AI score 6.7, EPSS 0.0112
Exploits: 0

Debian CVE
added 2024/10/25 7:22 p.m., 19 views

CVE-2024-49766

Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch...

CVSS 6.3, AI score 6.5, EPSS 0.01392
Exploits: 0

OSV
added 2024/10/25 7:22 p.m., 10 views

CVE-2024-49766 Werkzeug safe_join not safe on Windows

Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch...

CVSS 6.3, AI score 6.6, EPSS 0.01392
Exploits: 0, References: 6

SUSE CVE
added 2023/02/15 3:32 a.m., 5 views

SUSE CVE-2022-2255

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

CVSS 5.6, AI score 6.8, EPSS 0.00461
Exploits: 1, References: 7

UbuntuCve
added 2022/05/31 11:15 p.m., 22 views

CVE-2022-31015

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select. This will lead to the main thread raising an exception that is not handled and then causing t...

CVSS 6.5, AI score 6.4, EPSS 0.00483
Exploits: 1, References: 2

Cvelist
added 2022/05/31 10:50 p.m., 15 views

CVE-2022-31015 Uncaught Exception (due to a data race) leads to process termination in Waitress

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select. This will lead to the main thread raising an exception that is not handled and then causing t...

CVSS 6.5, AI score 6.6, EPSS 0.00483
Exploits: 1, References: 4

CVE
added 2022/03/17 12:40 p.m., 160 views

CVE-2022-24761

CVE-2022-24761 affects Waitress (Python WSGI server) up to version 2.1.0. The advisory describes two vulnerability classes that enable HTTP request smuggling when Waitress runs behind a proxy that does not fully validate RFC7230: (1) parsing integers with Python int(), allowing +10 to be treated ...

CVSS 7.5, AI score 7.5, EPSS 0.00288
Exploits: 0, References: 5, Affected Software: 1

Debian CVE
added 2022/03/17 12:40 p.m., 34 views

CVE-2022-24761

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and...

CVSS 7.5, AI score 7.6, EPSS 0.00288
Exploits: 0