Lucene search
K

12 matches found

OSV
OSV
added 4 days ago4 views

OESA-2026-2815 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code...

7.5CVSS6.3AI score0.00304EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

OESA-2026-2814 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code...

7.5CVSS6.3AI score0.00304EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 7:16 p.m.15 views

DEBIAN-CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

7.5CVSS6.3AI score0.00304EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 7:16 p.m.8 views

CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

7.5CVSS0.00304EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 6:45 p.m.4 views

CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

7.5CVSS7.5AI score0.00304EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 6:45 p.m.31 views

CVE-2026-9375

urllib3 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API when Brotli is enabled and preload_content is False. Three code paths in response.py bypass the max_length protection added in 2.6.0 to mitigate CVE-2025-66471: (1) negative max_length can result from buffer arithmeti...

7.5CVSS7.5AI score0.00304EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 6:45 p.m.20 views

CVE-2026-9375 Decompression Bomb Bypass via Negative max_length in Streaming API in urllib3

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

7.5CVSS0.00304EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51014

Name of the Vulnerable Software and Affected Versions urllib3 version 2.6.3 Brotli version 1.2.0 Description A decompression bomb bypass exists in the streaming API preload content=False when Brotli support is used. This occurs because three independent code paths in response.py bypass the max...

7.5CVSS7.4AI score0.00304EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.4 views

Fedora 44 : cpp-httplib (2026-03599f0b32)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-03599f0b32 advisory. Update to 0.38.0 rhbz2447261 - Filename sanitization for path traversal prevention Added sanitizefilename to prevent path traversal attacks via malicious...

8.7CVSS5.9AI score0.00179EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.2 views

Fedora 43 : cpp-httplib (2026-e76feaf213)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e76feaf213 advisory. Update to 0.38.0 rhbz2447261 - Filename sanitization for path traversal prevention Added sanitizefilename to prevent path traversal attacks via malicious...

8.7CVSS5.9AI score0.00179EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/06/11 12:0 a.m.38 views

openSUSE Security Update : curl (openSUSE-2018-589)

This update for curl to version 7.60.0 fixes the following issues : These security issues were fixed : - CVE-2018-1000300: Prevent heap-based buffer overflow when closing down an FTP connection with very long server command replies bsc1092094. - CVE-2018-1000301: Prevent buffer over-read that cou...

9.8CVSS7.8AI score0.06003EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2017/07/13 12:0 a.m.40 views

Fedora 25 : qt5-qtwebengine (2017-58cde32413)

This update updates QtWebEngine to the 5.9.0 release. QtWebEngine 5.9.0 is part of the Qt 5.9.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.8.0: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009,...

9.6CVSS6.6AI score0.2224EPSS
Exploits6References49
Rows per page
Query Builder