Every CVE whose affected-product data names Agendaless Waitress, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2024-49768 — CVSS 9.1 (critical): Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes…
CVE-2024-49769 — CVSS 7.5 (high): Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had…
CVE-2022-24761 — CVSS 7.5 (high): Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does…
CVE-2019-16792 — CVSS 7.1 (high): Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double…
CVE-2019-16785 — CVSS 7.1 (high): Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and…
CVE-2019-16786 — CVSS 7.1 (high): Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not…
CVE-2019-16789 — CVSS 7.1 (high): In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that…
CVE-2022-31015 — CVSS 6.5 (medium): Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread…
CVE-2020-5236 — CVSS 5.7 (medium): Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like…