RockyLinux 9 : python3.9 (RLSA-2026:19216)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19216 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 python: Python: Arbitrary code execution or information...
Important: Red Hat Security Advisory: python3 security update
An update for python3 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Amazon Linux 2 : python3, --advisory ALAS2-2026-3281 (ALAS-2026-3281)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3281 advisory. Mitigation of CVE-2026-4519 was incomplete. If the URL contained %action the mitigation could be bypassed for certain...
CVE-2026-44432
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when...
AlmaLinux 9 : python3.9 (ALSA-2026:10949)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:10949 advisory. python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules CVE-2026-6100 python: cpython: Python:...
RHEL 9 : python3.9 (RHSA-2026:10949)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10949 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...
CVE-2026-34543 OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...
Huawei EulerOS: Security Advisory for brotli (EulerOS-SA-2026-1599)
The remote host is missing an update for the Huawei EulerOS...
Important: python3.12-pip
Issue Overview: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression...
PT-2026-25310
Name of the Vulnerable Software and Affected Versions libarchive affected versions not specified Description A flaw exists in the RAR5 archive decompression logic within the archive read data processing path of the libarchive library. Processing a specially crafted RAR5 archive can cause the...
CVE-2025-68210
CVE-2025-68210 : In the Linux kernel, the erofs decompression path could spin indefinitely when encountering incomplete zstd-compressed data, i.e., truncated payloads in crafted images. The issue arises from the decompression logic looping due to incomplete input, leading to potential denial-of-s...
yawkat LZ4 Java has a possible information leak in Java safe decompressor
Summary Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lea...
AZL-71849 CVE-2025-66471 affecting package python-urllib3 1.26.19-3
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...
JLSEC-2025-11 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many...
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors...
DEBIAN-CVE-2022-49464
In the Linux kernel, the following vulnerability has been resolved: erofs: fix buffer copy overflow of ztailpacking feature I got some KASAN report as below: 46.959738 ================================================================== 46.960430 BUG: KASAN: use-after-free in...
PT-2024-40036 · Ouch
Name of the Vulnerable Software and Affected Versions: ouch, affected versions not specified. Description: The issue arises when attempting to decompress a file using ouch. It involves reaching the function ouch::archive::zip::convert_zip_date_time, which contains an unsafe function, transmute. Thi...
SUSE CVE-2023-38649
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concer...
SUSE CVE-2013-4421
The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed...
SUSE CVE-2020-17498
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression...