577 matches found

Tenable Nessus
added 2026/06/21 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-9375

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (preload_content=False) when using Brotli support. The issue arises due to...

CVSS 8.9 | AI score 7 | EPSS 0.00622
Exploits 0 | References 3

OSV
added 2026/06/19 7:16 p.m. | 11 views

DEBIAN-CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (preload_content=False) when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the max_length protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

CVSS 7.5 | AI score 6.3 | EPSS 0.00304
Exploits 0 | References 1

NVD
added 2026/06/19 7:16 p.m. | 5 views

CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (preload_content=False) when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the max_length protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

CVSS 7.5 | EPSS 0.00304
Exploits 0 | References 2

CVE
added 2026/06/19 6:45 p.m. | 19 views

CVE-2026-9375

urllib3 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API when Brotli is enabled and preload_content is False. Three code paths in response.py bypass the max_length protection added in 2.6.0 to mitigate CVE-2025-66471: (1) negative max_length can result from buffer arithmeti...

CVSS 7.5 | AI score 7.5 | EPSS 0.00304
Exploits 0 | References 2

Cvelist
added 2026/06/19 6:45 p.m. | 18 views

CVE-2026-9375 Decompression Bomb Bypass via Negative max_length in Streaming API in urllib3

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (preload_content=False) when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the max_length protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

CVSS 7.5 | EPSS 0.00304
Exploits 0 | References 2

Debian CVE
added 2026/06/19 6:45 p.m. | 6 views

CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (preload_content=False) when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the max_length protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

CVSS 7.5 | AI score 7.5 | EPSS 0.00304
Exploits 0

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Node.js

A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability arises from the fact that the fetch function in Node.js always decodes Brotli, making ...

CVSS 6.5 | AI score 6.8 | EPSS 0.01309
Exploits 0 | References 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Netty

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high-performance protocol servers and clients. In Netty-Codec-Compression versions 4.1.124.Final and below, as well as Netty-Codec versions 4.2.4.Final and below, when supplied with specially...

CVSS 7.5 | AI score 6.1 | EPSS 0.00561
Exploits 1 | References 2

Positive Technologies
added 2026/06/19 12:0 a.m. | 10 views

PT-2026-51014

Name of the Vulnerable Software and Affected Versions: urllib3 version 2.6.3, Brotli version 1.2.0. Description: A decompression bomb bypass exists in the streaming API (preload_content=False) when Brotli support is used. This occurs because three independent code paths in response.py bypass the max...

CVSS 7.5 | AI score 7.4 | EPSS 0.00304
Exploits 0 | References 7

Tenable Nessus
added 2026/06/19 12:0 a.m. | 6 views

Fedora 45 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-e212182e6e)

The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-e212182e6e advisory. nginx-mod-brotli: Rebuild for 1.30.3; nginx-mod-fancyindex: Rebuild for 1.30.3; nginx-mod-modsecurity: Rebuild for 1.30.3; nginx-mod-headers-more...

CVSS 9.2 | AI score 6.1 | EPSS 0.02391
Exploits 4 | References 4

RedHat Linux
added 2026/06/10 12:9 p.m. | 7 views

netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an...

CVSS 7.5 | AI score 6.8 | EPSS 0.00545
Exploits 1 | References 5

RedHat Linux
added 2026/06/10 12:5 p.m. | 8 views

netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an...

CVSS 7.5 | AI score 6.8 | EPSS 0.00545
Exploits 1 | References 5

IBM Security Bulletins
added 2026/06/08 1:58 p.m. | 7 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to HTTP Request Smuggling CVE-2025-58056

Summary: Netty is used by the IBM Datapower Operations Dashboard as part of their server implementation. Vulnerability Details: CVEID: CVE-2025-58056. DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and...

CVSS 7.5 | AI score 6.7 | EPSS 0.00631
Exploits 3 | Affected Software 1

RedHat Linux
added 2026/06/07 1:5 a.m. | 5 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python-urllib3: python3-urllib3+brotli-2.7.0-3.hum1 noarch python3-urllib3+h2-2.7.0-3.hum1 noarch python3-urllib3+socks-2.7.0-3.hum1 noarch python3-urllib3+zstd-2.7.0-3.hum1 noarch...

CVSS 8.9 | AI score 5 | EPSS 0.00527
Exploits 0 | References 4

OSV
added 2026/06/03 2:52 p.m. | 4 views

ROOT-APP-PYPI-CVE-2025-6176 CVE-2025-6176 in rootio-Brotli - Patched by Root

Root has patched CVE-2025-6176 in the rootio-Brotli package for Root:PyPI. Multiple fixed versions available...

CVSS 7.5 | AI score 5.4 | EPSS 0.00476
Exploits 0

Fedora
added 2026/06/01 1:1 a.m. | 19 views

[SECURITY] Fedora 43 Update: nginx-mod-brotli-1.0.0~rc-10.fc43

NGINX module for Brotli compression...

CVSS 9.2 | AI score 5.8 | EPSS 0.02596
Exploits 3

Tenable Nessus
added 2026/06/01 12:0 a.m. | 10 views

Fedora 43 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-dd9cd16b18)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-dd9cd16b18 advisory. nginx-mod-brotli: Rebuild for 1.30.2; nginx-mod-fancyindex: Rebuild for 1.30.2; nginx-mod-naxsi: Rebuild for 1.30.2; nginx-mod-headers-more: Rebuild for...

CVSS 9.2 | AI score 5.8 | EPSS 0.02596
Exploits 3 | References 2

RedhatCVE
added 2026/05/28 3:1 p.m. | 16 views

CVE-2026-42587

A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an...

CVSS 7.5 | AI score 6.8 | EPSS 0.00545
Exploits 1 | References 4

Fedora
added 2026/05/28 1:13 a.m. | 14 views

[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-10.fc44

NGINX module for Brotli compression...

CVSS 9.2 | AI score 5.8 | EPSS 0.02596
Exploits 3

Fedora
added 2026/05/15 10:45 p.m. | 15 views

[SECURITY] Fedora 42 Update: nginx-mod-brotli-1.0.0~rc-9.fc42

NGINX module for Brotli compression...

CVSS 9.2 | AI score 6 | EPSS 0.61469
Exploits 40