Lucene search
K

472 matches found

OSV
OSV
added 2026/05/13 4:16 p.m.4 views

DEBIAN-CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

7.5CVSS5.8AI score0.0068EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.26 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS0.0068EPSS
Exploits0References47
OSV
OSV
added 2026/05/13 4:16 p.m.7 views

UBUNTU-CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:17 p.m.13 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/05/13 3:17 p.m.8 views

CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.0068EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/13 3:33 a.m.13 views

SUSE CVE-2026-43469

In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrement rereceiving on the early exit paths In the event that rpcrdmapostrecvs fails to create a work request due to memory allocation failure, say or otherwise exits early, we should decrement ep-rereceiving before...

5.5CVSS5.7AI score0.0038EPSS
Exploits0References11
Snyk
Snyk
added 2026/05/11 2:51 p.m.7 views

Decompression Bomb

Overview urllib3 is a HTTP library with thread-safe connection pooling, file post, and more. Affected versions of this package are vulnerable to Decompression Bomb either in HTTPResponse.read when Brotli is in use, or when HTTPResponse.drainconn is called after partial decompression has begun. An...

8.9CVSS5.9AI score0.0068EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/11 2:51 p.m.20 views

urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/08 3:31 p.m.10 views

EUVD-2026-28775

In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrement rereceiving on the early exit paths In the event that rpcrdmapostrecvs fails to create a work request due to memory allocation failure, say or otherwise exits early, we should decrement ep-rereceiving before...

5.8AI score0.0038EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/08 3:31 p.m.8 views

EUVD-2026-28743

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

5.8AI score0.00126EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/08 3:31 p.m.18 views

EUVD-2026-28710

In the Linux kernel, the following vulnerability has been resolved: mm: Fix a hmmrangefault livelock / starvation problem If hmmrangefault fails a foliotrylock in doswappage, trying to acquire the lock of a device-private folio for migration, to ram, the function will spin until it succeeds...

5.8AI score0.00093EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.13 views

CVE-2026-43437

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References9
OSV
OSV
added 2026/05/08 3:16 p.m.5 views

UBUNTU-CVE-2026-43437

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References10
OSV
OSV
added 2026/05/08 3:16 p.m.5 views

UBUNTU-CVE-2026-43469

In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrement rereceiving on the early exit paths In the event that rpcrdmapostrecvs fails to create a work request due to memory allocation failure, say or otherwise exits early, we should decrement ep-rereceiving before...

7.5CVSS5.7AI score0.0038EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/05/08 2:22 p.m.61 views

CVE-2026-43437 ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain()

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

7.8CVSS0.00126EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:22 p.m.7 views

CVE-2026-43437

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime runtime = s-runtime at line 2157. After releasing the stream lock at...

5.8AI score0.00126EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/05/08 2:22 p.m.32 views

CVE-2026-43437

CVE-2026-43437 affects the Linux kernel ALSA PCM subsystem (snd_pcm_drain). The issue is a use-after-free in the drain path: during drain, runtime is reassigned to a linked stream’s runtime and after releasing the stream lock, runtime fields (no_period_wakeup, rate, buffer_size) are accessed with...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/05/08 2:21 p.m.15 views

CVE-2026-43404

CVE-2026-43404: In the Linux kernel mm subsystem, hmm_range_fault() can livelock if folio_trylock() fails during device-private folio migration; the spinning waiter may be starved if a dependent work item on the same CPU never runs, causing a DoS-like livelock. Conditions include: migration path ...

5.5CVSS5.8AI score0.00093EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/08 5:16 a.m.19 views

CVE-2026-42278

UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...

8.8CVSS0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 3:55 a.m.13 views

EUVD-2026-28526

UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...

8.8CVSS5.8AI score0.00375EPSS
Exploits0References2
Rows per page
Query Builder