
8 matches found

Ubuntu
added 2024/05/29 3:38 p.m. | 26 views

USN-6799-1: Werkzeug vulnerability

It was discovered that the debugger in Werkzeug was not restricted to trusted hosts. A remote attacker could possibly use this issue to execute code on the host under certain circumstances...

CVSS 7.5 | AI score 6.6 | EPSS 0.4365
Exploits: 0

RedHat Linux
added 2023/03/15 7:58 p.m. | 37 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform (python-werkzeug) security update

An update for python-werkzeug is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 7.5 | AI score 6.8 | EPSS 0.00366
Exploits: 0 | References: 2

Ubuntu
added 2023/03/13 3:8 p.m. | 65 views

USN-5948-1: Werkzeug vulnerabilities

It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. (CVE-2023-23934) It was discovered that Werkzeug could be made to process an unlimited number of multipart form data parts. A remote attacke...

CVSS 7.5 | AI score 6.6 | EPSS 0.00366
Exploits: 0

OSV
added 2022/08/04 4:17 p.m. | 1 views

USN-5551-1 mod-wsgi vulnerability

It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations...

CVSS 7.5 | AI score 7.3 | EPSS 0.00461
Exploits: 1 | References: 2

Fedora
added 2017/12/01 3:45 a.m. | 26 views

[SECURITY] Fedora 26 Update: python-werkzeug-0.12.2-1.fc26

Werkzeug: Werkzeug started as a simple collection of various utilities for WSGI applications and has become one of the most advanced WSGI utility modules. It includes a powerful debugger, full featured request and response objects, HTTP utilities to handle entity tags, cache...

CVSS 6.1 | AI score 6.6 | EPSS 0.00411
Exploits: 0

Tenable Nessus
added 2014/10/12 12:0 a.m. | 24 views

Amazon Linux AMI : mod_wsgi (ALAS-2014-376)

It was found that mod_wsgi did not properly drop privileges if the call to setuid failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi i...

CVSS 7.5 | AI score 6.6 | EPSS 0.08583
Exploits: 0 | References: 3

Fedora
added 2014/06/17 11:35 p.m. | 16 views

[SECURITY] Fedora 19 Update: mod_wsgi-3.5-1.fc19

The mod_wsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter is written completely in C code against the Apache C runtime and for hosting WSGI applications within Apache has a lower overhead than using existi...

CVSS 7.5 | AI score 3.8 | EPSS 0.08583
Exploits: 0

Tenable Nessus
added 2010/07/01 12:0 a.m. | 11 views

Fedora 12 : python-paste-1.7.4-1.fc12 (2010-10383)

1.7.4: The only real change is to paste.httpexceptions, which was using insecure quoting of some parameters and allowed an XSS hole, most specifically with its 404 messages. The most notable WSGI application using this is paste.urlparse.StaticURLParser and PkgResourcesParser. By directing someone ...

AI score 6
Exploits: 0 | References: 2