It was discovered that Werkzeug did not properly handle the parsing of
nameless cookies. A remote attacker could possibly use this issue to
shadow other cookies. (CVE-2023-23934)
It was discovered that Werkzeug could be made to process unlimited number
of multipart form data parts. A remote attacker could possibly use this
issue to cause Werkzeug to consume resources, leading to a denial of
service. (CVE-2023-25577)
More Stories
xen-4.17.5-2.fc39
FEDORA-2024-020dbf247c Packages in this update: xen-4.17.5-2.fc39 Update description: x86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817] update to xen-4.17.5 Read More
xen-4.18.3-2.fc40
FEDORA-2024-051cf1553e Packages in this update: xen-4.18.3-2.fc40 Update description: x86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817] Read More
xen-4.19.0-4.fc41
FEDORA-2024-60809cb44e Packages in this update: xen-4.19.0-4.fc41 Update description: x86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817] Read More
USN-7031-2: Puma vulnerability
USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS. This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu...
USN-7031-1: Puma vulnerability
It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite...
USN-7030-1: py7zr vulnerability
It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into...