15 matches found
CVE-2026-55380
Pillow (Python imaging library) vulnerability: Prior to 12.3.0, in GdImageFile._open(), image dimensions were read from the GD 2.x header and stored in self._size without invoking Image._decompression_bomb_check(), allowing a crafted .gd file to trigger excessive C-heap allocation. Impact: potent...
UBUNTU-CVE-2026-9375
urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...
PT-2026-39744
🚨 High - urllib3 Sensitive Header Leak & Decompression Bomb Safeguard Bypass CVE-2026-31015 & CVE-2026-31020 Two critical vulnerabilities were identified in the urllib3 library Node.js/Python. The first flaw GHSA-qccp-gfcp-xxvc allows sensitive headers like Authorization and Cookie to be leaked...
AlmaLinux 8 : fence-agents (ALSA-2026:1240)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1240 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...
RockyLinux 8 : fence-agents (RLSA-2026:1240)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:1240 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...
python3.11-urllib3 security update
An update is available for python3.11-urllib3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...
RockyLinux 9 : python3.11-urllib3 (RLSA-2026:1089)
The remote RockyLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1089 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...
Important: Red Hat Security Advisory: fence-agents security update
An update for fence-agents is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin...
Important: Red Hat Security Advisory: python-urllib3 security update
An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
Important: Red Hat Security Advisory: python3.12-urllib3 security update
An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
MiracleLinux 9 : fence-agents-4.10.0-98.el9_7.4 (AXSA:2026-116:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-116:01 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...
MiracleLinux 9 : python-urllib3-1.26.5-6.el9_7.1 (AXSA:2026-090:01)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-090:01 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...
AlmaLinux 9 : python-urllib3 (ALSA-2026:1087)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:1087 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...
AlmaLinux 8 : python3.11-urllib3 (ALSA-2026:1224)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:1224 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...
Important: Red Hat Security Advisory: python3.11-urllib3 security update
An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...