Latest Agendaless Vulnerabilities

### Impact This impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an `index.html` file that is located exactly one directory above the location of ...
Agendaless Pyramid>=2.0<2.0.2
pip/pyramid>=2.0.0<2.0.2
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call sele...
Agendaless Waitress>=2.1.0<2.1.2
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the ...
Agendaless Waitress<2.1.1
Debian Debian Linux=9.0
debian/waitress
### Impact When waitress receives a header that contains invalid characters it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and bloc...
pip/waitress=1.4.2
Agendaless Waitress=1.4.2
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now co...
Agendaless Waitress<=1.3.1
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.10.0
Debian Debian Linux=9.0
debian/waitress
### Impact The patches introduced to fix https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 were not complete and still would allow an attacker to smuggle requests/split an HTT...
pip/waitress<1.4.2
redhat/waitress<1.4.1
redhat/python-waitress<0:1.4.2-1.el8
Agendaless Waitress<=1.4.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.10.0
Debian Debian Linux=9.0
and 4 more
### Impact Waitress would parse the `Transfer-Encoding` header and only look for a single string value, if that value was not `chunked` it would fall through and use the `Content-Length` header inste...
pip/waitress<1.4.0
redhat/waitress<1.4.0
redhat/python-waitress<0:1.4.2-1.el8
Agendaless Waitress<1.3.1
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.10.0
Debian Debian Linux=9.0
and 4 more
### Impact Waitress implemented a "MAY" part of the RFC7230 (https://tools.ietf.org/html/rfc7230#section-3.5) which states: Although the line terminator for the start-line an...
pip/waitress<1.4.0
Agendaless Waitress<=1.3.1
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.10.0
Debian Debian Linux=9.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 3 more
