VYPR

rpm package

almalinux/resource-agents-gcp

pkg:rpm/almalinux/resource-agents-gcp

Vulnerabilities (12)

  • CVE-2026-30922HigMar 18, 2026
    affected < 4.9.0-54.el8_10.33fixed 4.9.0-54.el8_10.33

    pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousa

  • CVE-2026-23490Jan 16, 2026
    affected < 4.9.0-54.el8_10.28fixed 4.9.0-54.el8_10.28

    pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.

  • CVE-2026-21441Jan 7, 2026
    affected < 4.9.0-54.el8_10.27fixed 4.9.0-54.el8_10.27

    urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression b

  • CVE-2025-66471Dec 5, 2025
    affected < 4.9.0-54.el8_10.27fixed 4.9.0-54.el8_10.27

    urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chu

  • CVE-2025-66418Dec 5, 2025
    affected < 4.9.0-54.el8_10.27fixed 4.9.0-54.el8_10.27

    urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage a

  • CVE-2024-47081MedJun 9, 2025
    affected < 4.9.0-54.el8_10.16fixed 4.9.0-54.el8_10.16

    Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc

  • CVE-2024-6345HigJul 15, 2024
    affected < 4.9.0-54.el8_10.4fixed 4.9.0-54.el8_10.4

    A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are suscepti

  • CVE-2024-37891Jun 17, 2024
    affected < 4.9.0-54.el8_10.4fixed 4.9.0-54.el8_10.4

    urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it'

  • CVE-2023-52323Jan 5, 2024
    affected < 4.9.0-54.el8fixed 4.9.0-54.el8

    PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.

  • CVE-2023-45803Oct 17, 2023
    affected < 4.9.0-54.el8fixed 4.9.0-54.el8

    urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GE

  • CVE-2021-20270Mar 23, 2021
    affected < 4.1.1-98.el8fixed 4.1.1-98.el8

    An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

  • CVE-2021-27291Mar 17, 2021
    affected < 4.1.1-98.el8fixed 4.1.1-98.el8

    In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a