Vulnerabilities > Agendaless

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-49768 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Agendaless Waitress
Waitress is a Web Server Gateway Interface server for Python 2 and 3.
network
high complexity
agendaless CWE-367
4.8
2024-10-29 CVE-2024-49769 Missing Release of Resource after Effective Lifetime vulnerability in Agendaless Waitress
Waitress is a Web Server Gateway Interface server for Python 2 and 3.
network
low complexity
agendaless CWE-772
7.5
2023-08-25 CVE-2023-40587 Path Traversal vulnerability in multiple products
Pyramid is an open source Python web framework.
network
low complexity
agendaless fedoraproject CWE-22
5.3
2022-05-31 CVE-2022-31015 Uncaught Exception vulnerability in Agendaless Waitress 2.1.0/2.1.1
Waitress is a Web Server Gateway Interface server for Python 2 and 3.
4.3
2022-03-17 CVE-2022-24761 HTTP Request Smuggling vulnerability in multiple products
Waitress is a Web Server Gateway Interface server for Python 2 and 3.
network
low complexity
agendaless debian CWE-444
5.0
2020-02-04 CVE-2020-5236 Resource Exhaustion vulnerability in Agendaless Waitress 1.4.2
Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters.
network
low complexity
agendaless CWE-400
6.8
2020-01-22 CVE-2019-16792 HTTP Request Smuggling vulnerability in multiple products
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice.
network
low complexity
agendaless oracle debian CWE-444
5.0
2019-12-26 CVE-2019-16789 HTTP Request Smuggling vulnerability in multiple products
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling.
8.2
2019-12-20 CVE-2019-16786 HTTP Request Smuggling vulnerability in multiple products
Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead.
7.5
2019-12-20 CVE-2019-16785 HTTP Request Smuggling vulnerability in multiple products
Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways.
7.5