rpm package
almalinux/resource-agents-gcp
pkg:rpm/almalinux/resource-agents-gcp
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-30922 | High | 7.5 | | < 4.9.0-54.el8_10.33 | 4.9.0-54.el8_10.33 | Mar 18, 2026 | pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousa |
| CVE-2026-23490 | — | | | < 4.9.0-54.el8_10.28 | 4.9.0-54.el8_10.28 | Jan 16, 2026 | pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2. |
| CVE-2026-21441 | — | | | < 4.9.0-54.el8_10.27 | 4.9.0-54.el8_10.27 | Jan 7, 2026 | urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression b |
| CVE-2025-66471 | — | | | < 4.9.0-54.el8_10.27 | 4.9.0-54.el8_10.27 | Dec 5, 2025 | urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chu |
| CVE-2025-66418 | — | | | < 4.9.0-54.el8_10.27 | 4.9.0-54.el8_10.27 | Dec 5, 2025 | urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage a |
| CVE-2024-47081 | Med | 5.3 | | < 4.9.0-54.el8_10.16 | 4.9.0-54.el8_10.16 | Jun 9, 2025 | Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc |
| CVE-2024-6345 | High | 8.8 | | < 4.9.0-54.el8_10.4 | 4.9.0-54.el8_10.4 | Jul 15, 2024 | A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are suscepti |
| CVE-2024-37891 | — | | | < 4.9.0-54.el8_10.4 | 4.9.0-54.el8_10.4 | Jun 17, 2024 | urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it' |
| CVE-2023-52323 | — | | | < 4.9.0-54.el8 | 4.9.0-54.el8 | Jan 5, 2024 | PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. |
| CVE-2023-45803 | — | | | < 4.9.0-54.el8 | 4.9.0-54.el8 | Oct 17, 2023 | urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GE |
| CVE-2021-20270 | — | | | < 4.1.1-98.el8 | 4.1.1-98.el8 | Mar 23, 2021 | An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. |
| CVE-2021-27291 | — | | | < 4.1.1-98.el8 | 4.1.1-98.el8 | Mar 17, 2021 | In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a |