Lucene search
K

230 matches found

OSV
OSV
added 2026/05/01 1:32 p.m.8 views

CLSA-2026-1777642326 ImageMagick: Fix of CVE-2026-24481

CVE-2026-24481: heap information disclosure in PSD format handler via uninitialized memory in ZIP-compressed layer data...

7.5CVSS5.8AI score0.00348EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/29 1:26 p.m.11 views

Important: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.9CVSS6.6AI score0.00633EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/29 1:26 p.m.8 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS6.7AI score0.00633EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.5 views

openSUSE 16 Security Update : python-Pillow (openSUSE-SU-2026:20617-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20617-1 advisory. This update for python-Pillow fixes the following issue: - CVE-2026-40192: Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed da...

8.7CVSS5.6AI score0.00671EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/20 1:27 p.m.7 views

Important: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.9CVSS6.6AI score0.00633EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 11:16 p.m.8 views

CVE-2026-40192

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...

8.7CVSS0.00671EPSS
Exploits0References30
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:41 a.m.20 views

Security Bulletin: High Resource Consumption Vulnerability in urllib3 Streaming API Due to Improper Handling of Highly Compressed Data (≤ v2.6.0) affects watsonx.data

Summary A vulnerability in the urllib3 Streaming API versions 1.0 through 2.6.0 allows highly compressed HTTP responses to be decompressed in a way that can consume excessive system resources. When processing compressed data e.g., gzip or brotli, the library may fully decompress a small input int...

8.9CVSS6.8AI score0.00633EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2026/03/26 6:35 p.m.3 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the archive extraction process. An attacker can exhaust server memory by uploading specially crafted zip archives containing highly compressed entries. Remediation Upgrad...

7.1CVSS5.9AI score0.00343EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.4 views

openSUSE 16 Security Update : containerized-data-importer (openSUSE-SU-2026:20279-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20279-1 advisory. Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338:...

7.5CVSS6AI score0.01956EPSS
Exploits0References9
Snyk
Snyk
added 2026/03/04 11:22 p.m.2 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the ContentReader process when handling requests with Content-Encoding: gzip. An attacker can cause excessive resource consumption by sending a small compressed payload...

8.7CVSS5.8AI score0.00418EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: resource-agents (UTSA-2026-005389)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005389 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data...

8.9CVSS6.1AI score0.00633EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/26 3:13 a.m.5 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview psd-tools is a Python package for working with Adobe Photoshop PSD files as described in specification. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the compression module. An attacker can cause application crashes...

9.1CVSS5.9AI score0.0041EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/25 5:36 p.m.2 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Decode function. An attacker can exhaust memory and CPU resources and cause a server crash by sending a specially crafted HTTP request containing highly compressed...

8.7CVSS6AI score
Exploits0References3
Snyk
Snyk
added 2026/02/25 5:36 p.m.3 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Decode function. An attacker can exhaust memory and CPU resources and cause a server crash by sending a specially crafted HTTP request containing highly compressed...

8.7CVSS6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.6 views

PT-2026-21585

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description ImageMagick is software used for editing and manipulating digital images. A heap information disclosure exists in the PSD Adobe Photoshop format handler...

7.5CVSS5.9AI score0.00348EPSS
Exploits0References166
RedHat Linux
RedHat Linux
added 2026/02/16 7:6 p.m.3 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00633EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/16 4:52 p.m.4 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00633EPSS
Exploits0References6
Snyk
Snyk
added 2026/02/16 8:8 a.m.4 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the SAMLRequest DEFLATE decompression. An attacker can cause service disruption...

8.7CVSS6AI score0.00502EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/05 9:42 a.m.3 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00633EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/04 7:16 p.m.2 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00633EPSS
Exploits0References6
Rows per page
Query Builder