CLSA-2026-1770028764 kernel: Fix of 14 CVEs

efivarfs: Fix slab-out-of-bounds in efivarfsdcompare CVE-2025-39817 - scsi: ses: Fix possible descptr out-of-bounds accesses CVE-2023-53675 - ipv6: Fix out-of-bounds access in ipv6findtlv CVE-2023-53705 - libceph: fix potential use-after-free in havemonandosdmap CVE-2025-68285 - scsi: lpfc: Fix...

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

AlmaLinux 9 : openssl (ALSA-2026:1473)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1473 advisory. openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS12 file CVE-2025-11187 openssl: OpenSSL: Remote code execution or Deni...

SUSE-SU-2026:0350-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50282: chardev: fix error handling in cdevdeviceadd bsc1249739. - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault bsc1254785. - CVE-2022-50700:...

OESA-2026-1252 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 6 Summary: A...

SUSE CVE-2025-66199

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : OpenSSL vulnerabilities (USN-7980-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7980-1 advisory. Stanislav Fort, Petr imeek, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS12 MAC...

GHSA-H5QV-QJV4-PC5M Unfurl's unbounded zlib decompression allows decompression bomb DoS

Summary The compressed data parser uses zlib.decompress without a maximum output size. A small, highly compressed payload can expand to a very large output, causing memory exhaustion and denial of service. Details - unfurl/parsers/parsecompressed.py calls zlib.decompressdecoded with no size limit...

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression

A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service DoS for...

ShellForge: Adversarial Co-Evolution of Webshell Generation and Multi-View Detection for Robust Webshell Defense

Webshells remain a primary foothold for attackers to compromise servers, particularly within PHP ecosystems. However, existing detection mechanisms often struggle to keep pace with rapid variant evolution and sophisticated obfuscation techniques that camouflage malicious intent. Furthermore, many...

Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS12 file CVE-2025-11187...

AlmaLinux 10 : openssl (ALSA-2026:1472)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1472 advisory. openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS12 file CVE-2025-11187 openssl: OpenSSL: Remote code execution or...

USN-7980-1 openssl vulnerabilities

Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-11187...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value. up to 22 MiB when allocating buffers for CompressedCertificate messages on a TLS 1.3 connection with certificate compression. An attacker can cause service degradation or resource exhaustion...

AZL-75284 CVE-2025-66199 affecting package openssl for versions less than 3.3.5-3

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...

CVE-2025-66199

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...

CVE-2025-66199

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...