CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2025-66418)
The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-66418 advisory. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior ...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-66418)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-66418 advisory. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior ...
SUSE-SU-2026:20270-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - CVE-2026-21441: Fixed excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331)...
RLSA-2026:0845 Important: brotli security update
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...
brotli security update
An update is available for brotli. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Brotli is a generic-purpose lossless compression algorithm that compresses da...
RockyLinux 10 : brotli (RLSA-2026:0845)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0845 advisory. Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS (CVE-2025-6176). Tenable has extracted the preceding description block directly from the...
AlmaLinux 10 : brotli (ALSA-2026:0845)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:0845 advisory. Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS (CVE-2025-6176). Tenable has extracted the preceding description block directly from the AlmaLinu...
Important: Red Hat Security Advisory: brotli security update
An update for brotli is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALSA-2026:0845 Important: brotli security update
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...
brotli security update
1.1.0-7 - Resolves: RHEL-133984 CVE-2025-6176 Brotli decompression bomb DoS in scrapy...
Oracle Linux 10 : brotli (ELSA-2026-0845)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0845 advisory. 1.1.0-7 - Resolves: RHEL-133984 CVE-2025-6176 Brotli decompression bomb DoS in scrapy Tenable has extracted the preceding description block directly from the...
RHEL 10 : brotli (RHSA-2026:0845)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0845 advisory. Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffm...
MiracleLinux 9 : gstreamer1-plugins-good-1.18.4-6.el9 (AXSA:2023-5649:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5649:01 advisory. gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header (CVE-2022-1920). gstreamer-plugins-good: Heap-based buffer overflow i...
MiracleLinux 9 : skopeo-1.14.3-2.el9 (AXSA:2024-8078:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8078:02 advisory. golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON...
MiracleLinux 9 : bzip2-1.0.8-10.el9_5 (AXSA:2025-9645:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9645:02 advisory. bzip2: bzip2: Data integrity error when decompressing with data integrity tests fail. (CVE-2019-12900) Tenable has extracted the preceding description block...
UBUNTU-CVE-2026-23530
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, freerdp_bitmap_decompress_planar does not validate nSrcWidth/nSrcHeight against planar->maxWidth/maxHeight before RLE decode. A malicious server can trigger a client-side heap buffer overflow, causing a crash DoS...
CVE-2026-23531 FreeRDP has heap-buffer-overflow in clear_decompress
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData is present, clear_decompress calls freerdp_image_copy_no_overlap without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates...
CVE-2026-23530 FreeRDP has heap-buffer-overflow in planar_decompress_plane_rle
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, freerdp_bitmap_decompress_planar does not validate nSrcWidth/nSrcHeight against planar->maxWidth/maxHeight before RLE decode. A malicious server can trigger a client-side heap buffer overflow, causing a crash DoS...
CVE-2026-23530
FreeRDP (freerdp_bitmap_decompress_planar, and related paths in RDP handling) is affected by a client-side heap buffer overflow in versions prior to 3.21.0, triggered by insufficient validation of dimensions before RLE decode and other decode paths, leading to DoS and potential code‑execution ris...
USN-7955-2: urllib3 regression
USN-7955-1 fixed vulnerabilities in urllib3. The update introduced a regression in response streaming on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that urllib3 incorrectly handled...