18 matches found
SUSE SLES16 : Recommended update for python-urllib3 (SUSE-SU-SUSE-RU-2026:21430-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2026:21430-1 advisory. This update for python-urllib3 fixes the following issue: - Fix regression in CVE-2025-66471.patch bsc1254867 Tenable has extracted...
SUSE-RU-2026:21397-1 Recommended update for python-urllib3
This update for python-urllib3 fixes the following issue: - Fix regression in CVE-2025-66471.patch bsc1254867...
EulerOS Virtualization 2.12.1 : python-urllib3 (EulerOS-SA-2026-1459)
According to the versions of the python-urllib3 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links ...
Security Bulletin: IBM Maximo Application Suite uses pyasn1-0.6.1, protobuf-6.33.4-cp39-abi3-manylinux2014_x86_64, urllib3-2.5.0-py3-none-any, database/sql 1.24.4 and weasyprint-67.0-py3-none-any.
Summary Security Bulletin: IBM Maximo Application Suite uses pyasn1-0.6.1, protobuf-6.33.4-cp39-abi3-manylinux2014x8664, urllib3-2.5.0-py3-none-any, database/sql 1.24.4 and weasyprint-67.0-py3-none-any which is vulnerable to CVE-2026-23490, CVE-2026-0994, CVE-2025-66418, CVE-2025-66471,...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-urllib3 (SUSE-SU-2026:0367-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0367-1 advisory. - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in...
Fedora: Security Advisory (FEDORA-2026-8b7270b473)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Location Service for ESRI Component uses urllib3-2.5.0 and werkzeug-3.1.3 library which were vulnerable to CVE-2025-66418, CVE-2025-66471 and CVE-2025-66221 respectively
Summary Location Service for ESRI Component uses urllib3-2.5.0 and werkzeug-3.1.3 library which were vulnerable to CVE-2025-66418, CVE-2025-66471 and CVE-2025-66221 respectively. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python...
python-urllib3 security update
1.26.5-6.1 - Security fix for CVE-2025-66471 - Security fix for CVE-2025-66418 - Security fix for CVE-2026-21441 Resolves: RHEL-139401...
python3.12-urllib3 security update
1.26.19-1.1 - Security fix for CVE-2025-66471 - Security fix for CVE-2025-66418 - Security fix for CVE-2026-21441 Resolves: RHEL-139403...
Oracle Linux 9 : python3.11-urllib3 (ELSA-2026-1089)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-1089 advisory. - Security fix for CVE-2025-66471 - Security fix for CVE-2025-66418 Tenable has extracted the preceding description block directly from the Oracle Linu...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-66471)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-66471 advisory. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior t...
Medium: python-pip
Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...
CVE-2025-66471 vulnerabilities
Vulnerabilities for packages: py3-pip, dask-kubernetes, py3.13-scanner-test-libraries, ggshield, pypy-3.11, emissary, ansible-operator-fips, confluent-docker-utils, azure-functions-host, datadog-agent, mlflow, nvidia-nsight-compute-13.2, spamcheck, kubeflow-jupyter-web-app, py3-urllib3, graalvm,...
CVE-2025-66471 vulnerabilities
Vulnerabilities for packages: emissary, open-webui, dask-kubernetes, tensorflow-cpu-jupyter, kubeflow-pipelines-visualization-server, dask-gateway, airflow, pypy-3.11, ggshield, py3-cassandra-medusa, semgrep, py3-pipenv, kubeflow-volumes-web-app, az, superset, confluent-docker-utils,...
CVE-2025-66471
creationtimestamp| type| source ---|---|--- 2025-12-05 17:54:47+00:00| seen| https://seclists.org/oss-sec/2025/q4/250 2025-12-05 19:12:43+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m7b6xhddwo2s 2025-12-05 19:13:24+00:00| seen|...
CVE-2025-66471
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...
CVE-2025-66471
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...
CVE-2025-66471
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...