Mageia: Security Advisory (MGASA-2024-0234)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : python-werkzeug (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-werkzeug: cookie prefixed with = can shadow unprefixed cookie CVE-2023-23934 - Werkzeug is a...

SUSE SLES15 / openSUSE 15 Security Update : python-Werkzeug (SUSE-SU-2024:1608-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1608-1 advisory. - Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacke...

Debian dla-3536 : python-flask - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3536 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3536-1 [email protected] https://www.debian.org/lts/security/...

Debian DSA-5442-1 : flask - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5442 advisory. It was discovered that in some conditions the Flask web framework may disclose a session cookie. For the oldstable distribution bullseye, this problem has been fixed in...

EulerOS 2.0 SP5 : python-werkzeug (EulerOS-SA-2023-2167)

According to the versions of the python-werkzeug package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Werkzeug is a comprehensive WSGI web application library. Browsers may allow 'nameless' cookies that look like =value instead of...

Fedora 37 : mingw-python-werkzeug (2023-af75e27098)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-af75e27098 advisory. Update to python-werkzeug-2.2.3. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVE-2023-23934

Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain...

CVE-2023-25577

Werkzeug prior to 2.2.3 contains a DoS vulnerability in its multipart form data parser that can parse an unlimited number of parts (including file parts). Attacks that send crafted multipart data to endpoints reading request.data, request.form, request.files, or request.get_data(parse_form_data=F...

CVE-2023-25577

Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. ...