Lucene search
K

3278 matches found

OSV
OSV
added 2026/02/06 3:54 p.m.5 views

OESA-2026-1286 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming A...

8.9CVSS7.6AI score0.00622EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.2 views

MiracleLinux 9 : brotli-1.0.9-9.el9_7 (AXSA:2026-148:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-148:01 advisory. Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS CVE-2025-6176 Tenable has extracted the preceding description block directly from the...

7.5CVSS5.5AI score0.00509EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/05 7:23 p.m.6 views

CVE-2026-25140

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in...

7.5CVSS5.4AI score0.00366EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/02/05 11:53 a.m.3 views

freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...

9.8CVSS6.6AI score0.00443EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/02/05 10:29 a.m.9 views

freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...

9.8CVSS6.6AI score0.00443EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/02/05 9:50 a.m.4 views

Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/05 9:50 a.m.9 views

Important: Red Hat Security Advisory: brotli security update

An update for brotli is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/05 9:42 a.m.3 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS5.9AI score0.00622EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.5 views

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3147 (ALAS-2026-3147)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3147 advisory. urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire respon...

8.9CVSS5.5AI score0.02667EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.4 views

RHEL 9 : brotli (RHSA-2026:2042)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2042 advisory. Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffma...

7.5CVSS5.5AI score0.00509EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.5 views

Amazon Linux 2 : python3-urllib3, --advisory ALAS2-2026-3131 (ALAS-2026-3131)

The version of python3-urllib3 installed on the remote host is prior to 1.25.6-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3131 advisory. urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP...

8.9CVSS5.6AI score0.02667EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.6 views

Amazon Linux 2 : python-urllib3, --advisory ALAS2-2026-3156 (ALAS-2026-3156)

The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3156 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number...

8.9CVSS5.8AI score0.00622EPSS
Exploits0References6
Oracle linux
Oracle linux
added 2026/02/05 12:0 a.m.9 views

brotli security update

1.0.9-9 - Resolves: RHEL-133995 Rebuild for CVE-2025-6176 Brotli decompression bomb DoS in scrapy 1.0.9-8 - Resolves: RHEL-133995 CVE-2025-6176 Brotli decompression bomb DoS in scrapy...

7.5CVSS5.3AI score0.00509EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.6 views

AlmaLinux 9 : brotli (ALSA-2026:2042)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:2042 advisory. Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS CVE-2025-6176 Tenable has extracted the preceding description block directly from the AlmaLinux...

7.5CVSS5.5AI score0.00509EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.3 views

Oracle Linux 9 : brotli (ELSA-2026-2042)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-2042 advisory. - Resolves: RHEL-133995 Rebuild for CVE-2025-6176 Brotli decompression bomb DoS in scrapy Tenable has extracted the preceding description block directly from th...

7.5CVSS5.5AI score0.00509EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.13 views

Amazon Linux 2023 : python3-urllib3 (ALAS2023-2026-1418)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1418 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server...

8.9CVSS5.8AI score0.02667EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.3 views

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1416)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1416 advisory. urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire...

8.9CVSS5.5AI score0.02667EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.4 views

Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1413)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1413 advisory. urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire...

8.9CVSS5.5AI score0.02667EPSS
Exploits0References4
OSV
OSV
added 2026/02/05 12:0 a.m.6 views

ALSA-2026:2042 Important: brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

7.5CVSS7.2AI score0.00509EPSS
Exploits0References4
Amazon
Amazon
added 2026/02/05 12:0 a.m.4 views

Medium: python-urllib3

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...

8.9CVSS5.7AI score0.00622EPSS
Exploits0
Rows per page
Query Builder