2021-12-05 00:50:14 +00:00
---
hide:
- toc
---
2021-12-05 23:17:30 +00:00
# Security Overview
2021-12-04 20:11:45 +00:00
2021-12-05 00:50:14 +00:00
< link href = "https://truecharts.org/_static/trivy.css" type = "text/css" rel = "stylesheet" / >
2021-12-04 20:11:45 +00:00
## Helm-Chart
##### Scan Results
2021-12-05 00:50:14 +00:00
#### Chart Object: pyload/templates/common.yaml
2021-12-04 20:11:45 +00:00
2021-12-04 20:34:35 +00:00
2021-12-05 00:50:14 +00:00
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | < details > < summary > Expand...< / summary > The container should drop all default capabilities and add only those that are needed for its execution. < br > < hr > < br > Container ' RELEASE-NAME-pyload' of Deployment ' RELEASE-NAME-pyload' should add ' ALL' to ' securityContext.capabilities.drop' < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/" > https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv003" > https://avd.aquasec.com/appshield/ksv003< / a > < br > < / details > |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | < details > < summary > Expand...< / summary > ' runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. < br > < hr > < br > Container ' RELEASE-NAME-pyload' of Deployment ' RELEASE-NAME-pyload' should set ' securityContext.runAsNonRoot' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv012" > https://avd.aquasec.com/appshield/ksv012< / a > < br > < / details > |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | < details > < summary > Expand...< / summary > ' runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-pyload' should set ' securityContext.runAsNonRoot' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv012" > https://avd.aquasec.com/appshield/ksv012< / a > < br > < / details > |
| Kubernetes Security Check | KSV013 | Image tag ' :latest' used | LOW | < details > < summary > Expand...< / summary > It is best to avoid using the ' :latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version. < br > < hr > < br > Container ' RELEASE-NAME-pyload' of Deployment ' RELEASE-NAME-pyload' should specify an image tag < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/configuration/overview/#container-images" > https://kubernetes.io/docs/concepts/configuration/overview/#container-images< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv013" > https://avd.aquasec.com/appshield/ksv013< / a > < br > < / details > |
| Kubernetes Security Check | KSV013 | Image tag ' :latest' used | LOW | < details > < summary > Expand...< / summary > It is best to avoid using the ' :latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-pyload' should specify an image tag < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/configuration/overview/#container-images" > https://kubernetes.io/docs/concepts/configuration/overview/#container-images< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv013" > https://avd.aquasec.com/appshield/ksv013< / a > < br > < / details > |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | < details > < summary > Expand...< / summary > An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-pyload' should set ' securityContext.readOnlyRootFilesystem' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/" > https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv014" > https://avd.aquasec.com/appshield/ksv014< / a > < br > < / details > |
| Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM | < details > < summary > Expand...< / summary > A program inside the container can bypass Seccomp protection policies. < br > < hr > < br > Container ' RELEASE-NAME-pyload' of Deployment ' RELEASE-NAME-pyload' should specify a seccomp profile < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/" > https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv019" > https://avd.aquasec.com/appshield/ksv019< / a > < br > < / details > |
| Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM | < details > < summary > Expand...< / summary > A program inside the container can bypass Seccomp protection policies. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-pyload' should specify a seccomp profile < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/" > https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv019" > https://avd.aquasec.com/appshield/ksv019< / a > < br > < / details > |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with user ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' RELEASE-NAME-pyload' of Deployment ' RELEASE-NAME-pyload' should set ' securityContext.runAsUser' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv020" > https://avd.aquasec.com/appshield/ksv020< / a > < br > < / details > |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with user ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-pyload' should set ' securityContext.runAsUser' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv020" > https://avd.aquasec.com/appshield/ksv020< / a > < br > < / details > |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with group ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' RELEASE-NAME-pyload' of Deployment ' RELEASE-NAME-pyload' should set ' securityContext.runAsGroup' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv021" > https://avd.aquasec.com/appshield/ksv021< / a > < br > < / details > |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with group ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-pyload' should set ' securityContext.runAsGroup' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv021" > https://avd.aquasec.com/appshield/ksv021< / a > < br > < / details > |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | < details > < summary > Expand...< / summary > Containers should be forbidden from running with a root primary or supplementary GID. < br > < hr > < br > Deployment ' RELEASE-NAME-pyload' should set ' spec.securityContext.runAsGroup' , ' spec.securityContext.supplementalGroups[*]' and ' spec.securityContext.fsGroup' to integer greater than 0 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv029" > https://avd.aquasec.com/appshield/ksv029< / a > < br > < / details > |
2021-12-04 20:11:45 +00:00
## Containers
##### Detected Containers
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/pyload:version-5de90278@sha256:c33489498cb4541bbf936b1ebd1eaebfb0cae279f738aa0e6184969089e94081
##### Scan Results
2021-12-05 00:50:14 +00:00
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
2021-12-04 20:34:35 +00:00
2021-12-04 20:11:45 +00:00
**alpine**
2021-12-04 20:34:35 +00:00
2021-12-04 20:11:45 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
2021-12-07 22:59:37 +00:00
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < / details > |
2021-12-07 22:59:37 +00:00
| busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | < details > < summary > Expand...< / summary > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < / details > |
2021-12-07 22:59:37 +00:00
| ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < / details > |
2021-12-07 22:59:37 +00:00
| ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | < details > < summary > Expand...< / summary > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < / details > |
#### Container: Python
2021-12-04 20:34:35 +00:00
2021-12-04 20:11:45 +00:00
**python-pkg**
2021-12-04 20:34:35 +00:00
2021-12-04 20:11:45 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
2021-12-05 00:50:14 +00:00
| Pillow | CVE-2021-25287 | CRITICAL | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287< / a > < br > < a href = "https://github.com/advisories/GHSA-77gc-v2xv-rvvh" > https://github.com/advisories/GHSA-77gc-v2xv-rvvh< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470" > https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87" > https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25287" > https://nvd.nist.gov/vuln/detail/CVE-2021-25287< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | CVE-2021-25288 | CRITICAL | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288< / a > < br > < a href = "https://github.com/advisories/GHSA-rwv7-3v45-hg29" > https://github.com/advisories/GHSA-rwv7-3v45-hg29< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470" > https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25288" > https://nvd.nist.gov/vuln/detail/CVE-2021-25288< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | CVE-2021-25289 | CRITICAL | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289< / a > < br > < a href = "https://github.com/advisories/GHSA-57h3-9rgr-c24m" > https://github.com/advisories/GHSA-57h3-9rgr-c24m< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c" > https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25289" > https://nvd.nist.gov/vuln/detail/CVE-2021-25289< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
| Pillow | CVE-2021-34552 | CRITICAL | 6.2.2 | 8.3.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552< / a > < br > < a href = "https://github.com/advisories/GHSA-7534-mm45-c74v" > https://github.com/advisories/GHSA-7534-mm45-c74v< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" > https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-34552" > https://nvd.nist.gov/vuln/detail/CVE-2021-34552< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow" > https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" > https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < / details > |
| Pillow | CVE-2020-10379 | HIGH | 6.2.2 | 6.2.3, 7.0.1 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379< / a > < br > < a href = "https://github.com/advisories/GHSA-8843-m7mw-mxqm" > https://github.com/advisories/GHSA-8843-m7mw-mxqm< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac" > https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commits/master/src/libImaging" > https://github.com/python-pillow/Pillow/commits/master/src/libImaging< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-10379" > https://nvd.nist.gov/vuln/detail/CVE-2020-10379< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html" > https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-11538 | HIGH | 6.2.2 | | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538< / a > < br > < a href = "https://github.com/advisories/GHSA-43fq-w8qq-v88h" > https://github.com/advisories/GHSA-43fq-w8qq-v88h< / a > < br > < a href = "https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security" > https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d" > https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4504" > https://github.com/python-pillow/Pillow/pull/4504< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2020-11538.html" > https://linux.oracle.com/cve/CVE-2020-11538.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2020-3185.html" > https://linux.oracle.com/errata/ELSA-2020-3185.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-11538" > https://nvd.nist.gov/vuln/detail/CVE-2020-11538< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" > https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-1" > https://ubuntu.com/security/notices/USN-4430-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-1/" > https://usn.ubuntu.com/4430-1/< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-35653 | HIGH | 6.2.2 | 8.1.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653< / a > < br > < a href = "https://github.com/advisories/GHSA-f5g8-5qq7-938w" > https://github.com/advisories/GHSA-f5g8-5qq7-938w< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-35653" > https://nvd.nist.gov/vuln/detail/CVE-2020-35653< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" > https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-1" > https://ubuntu.com/security/notices/USN-4697-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-2" > https://ubuntu.com/security/notices/USN-4697-2< / a > < br > < / details > |
| Pillow | CVE-2020-35654 | HIGH | 6.2.2 | 8.1.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654< / a > < br > < a href = "https://github.com/advisories/GHSA-vqcj-wrf2-7v73" > https://github.com/advisories/GHSA-vqcj-wrf2-7v73< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-35654" > https://nvd.nist.gov/vuln/detail/CVE-2020-35654< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" > https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-1" > https://ubuntu.com/security/notices/USN-4697-1< / a > < br > < / details > |
| Pillow | CVE-2021-23437 | HIGH | 6.2.2 | 8.3.2 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437< / a > < br > < a href = "https://github.com/advisories/GHSA-98vv-pw6r-q6q4" > https://github.com/advisories/GHSA-98vv-pw6r-q6q4< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b" > https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-23437" > https://nvd.nist.gov/vuln/detail/CVE-2021-23437< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443< / a > < br > < / details > |
| Pillow | CVE-2021-25290 | HIGH | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290< / a > < br > < a href = "https://github.com/advisories/GHSA-8xjq-8fcg-g5hw" > https://github.com/advisories/GHSA-8xjq-8fcg-g5hw< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa" > https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" > https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25290" > https://nvd.nist.gov/vuln/detail/CVE-2021-25290< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
| Pillow | CVE-2021-25291 | HIGH | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291< / a > < br > < a href = "https://github.com/advisories/GHSA-mvg9-xffr-p774" > https://github.com/advisories/GHSA-mvg9-xffr-p774< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a" > https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25291" > https://nvd.nist.gov/vuln/detail/CVE-2021-25291< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
| Pillow | CVE-2021-25293 | HIGH | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293< / a > < br > < a href = "https://github.com/advisories/GHSA-p43w-g3c5-g5mq" > https://github.com/advisories/GHSA-p43w-g3c5-g5mq< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9" > https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25293" > https://nvd.nist.gov/vuln/detail/CVE-2021-25293< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
2021-12-07 22:59:37 +00:00
| Pillow | CVE-2021-27921 | HIGH | 6.2.2 | 8.1.2 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921< / a > < br > < a href = "https://github.com/advisories/GHSA-f4w8-cv6p-x6r5" > https://github.com/advisories/GHSA-f4w8-cv6p-x6r5< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-27921" > https://nvd.nist.gov/vuln/detail/CVE-2021-27921< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| Pillow | CVE-2021-27922 | HIGH | 6.2.2 | 8.1.2 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922< / a > < br > < a href = "https://github.com/advisories/GHSA-3wvg-mj6g-m9cv" > https://github.com/advisories/GHSA-3wvg-mj6g-m9cv< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-27922" > https://nvd.nist.gov/vuln/detail/CVE-2021-27922< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
2021-12-07 22:59:37 +00:00
| Pillow | CVE-2021-27923 | HIGH | 6.2.2 | 8.1.2 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923< / a > < br > < a href = "https://github.com/advisories/GHSA-95q3-8gr9-gm8w" > https://github.com/advisories/GHSA-95q3-8gr9-gm8w< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-27923" > https://nvd.nist.gov/vuln/detail/CVE-2021-27923< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| Pillow | CVE-2021-28676 | HIGH | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676< / a > < br > < a href = "https://github.com/advisories/GHSA-7r7m-5h27-29hp" > https://github.com/advisories/GHSA-7r7m-5h27-29hp< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377" > https://github.com/python-pillow/Pillow/pull/5377< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" > https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-28676" > https://nvd.nist.gov/vuln/detail/CVE-2021-28676< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | CVE-2021-28677 | HIGH | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677< / a > < br > < a href = "https://github.com/advisories/GHSA-q5hq-fp76-qmrc" > https://github.com/advisories/GHSA-q5hq-fp76-qmrc< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377" > https://github.com/python-pillow/Pillow/pull/5377< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" > https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-28677" > https://nvd.nist.gov/vuln/detail/CVE-2021-28677< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | CVE-2020-10177 | MEDIUM | 6.2.2 | 7.1.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177< / a > < br > < a href = "https://github.com/advisories/GHSA-cqhg-xjhh-p8hf" > https://github.com/advisories/GHSA-cqhg-xjhh-p8hf< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commits/master/src/libImaging" > https://github.com/python-pillow/Pillow/commits/master/src/libImaging< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4503" > https://github.com/python-pillow/Pillow/pull/4503< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html" > https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-10177" > https://nvd.nist.gov/vuln/detail/CVE-2020-10177< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html" > https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-1" > https://ubuntu.com/security/notices/USN-4430-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-2" > https://ubuntu.com/security/notices/USN-4697-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-1/" > https://usn.ubuntu.com/4430-1/< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-10378 | MEDIUM | 6.2.2 | 6.2.3, 7.0.1 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378< / a > < br > < a href = "https://github.com/advisories/GHSA-3xv8-3j54-hgrp" > https://github.com/advisories/GHSA-3xv8-3j54-hgrp< / a > < br > < a href = "https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml" > https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac" > https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commits/master/src/libImaging" > https://github.com/python-pillow/Pillow/commits/master/src/libImaging< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-10378" > https://nvd.nist.gov/vuln/detail/CVE-2020-10378< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html" > https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-1" > https://ubuntu.com/security/notices/USN-4430-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-1/" > https://usn.ubuntu.com/4430-1/< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-10994 | MEDIUM | 6.2.2 | 7.0.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994< / a > < br > < a href = "https://github.com/advisories/GHSA-vj42-xq3r-hr3r" > https://github.com/advisories/GHSA-vj42-xq3r-hr3r< / a > < br > < a href = "https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security" > https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4" > https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commits/master/src/libImaging/" > https://github.com/python-pillow/Pillow/commits/master/src/libImaging/< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4505" > https://github.com/python-pillow/Pillow/pull/4505< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-10994" > https://nvd.nist.gov/vuln/detail/CVE-2020-10994< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/" > https://pillow.readthedocs.io/en/stable/releasenotes/< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-1" > https://ubuntu.com/security/notices/USN-4430-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-1/" > https://usn.ubuntu.com/4430-1/< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-15999 | MEDIUM | 6.2.2 | 8.0.1 | < details > < summary > Expand...< / summary > < a href = "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html" > http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html< / a > < br > < a href = "http://seclists.org/fulldisclosure/2020/Nov/33" > http://seclists.org/fulldisclosure/2020/Nov/33< / a > < br > < a href = "https://bugs.chromium.org/p/project-zero/issues/detail?id=2103" > https://bugs.chromium.org/p/project-zero/issues/detail?id=2103< / a > < br > < a href = "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html" > https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html< / a > < br > < a href = "https://crbug.com/1139963" > https://crbug.com/1139963< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999< / a > < br > < a href = "https://github.com/advisories/GHSA-pv36-h7jh-qm62" > https://github.com/advisories/GHSA-pv36-h7jh-qm62< / a > < br > < a href = "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62" > https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62< / a > < br > < a href = "https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html" > https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2020-15999.html" > https://linux.oracle.com/cve/CVE-2020-15999.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2020-4952.html" > https://linux.oracle.com/errata/ELSA-2020-4952.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-15999" > https://nvd.nist.gov/vuln/detail/CVE-2020-15999< / a > < br > < a href = "https://security.gentoo.org/glsa/202011-12" > https://security.gentoo.org/glsa/202011-12< / a > < br > < a href = "https://security.gentoo.org/glsa/202012-04" > https://security.gentoo.org/glsa/202012-04< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4593-1" > https://ubuntu.com/security/notices/USN-4593-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4593-2" > https://ubuntu.com/security/notices/USN-4593-2< / a > < br > < a href = "https://www.debian.org/security/2021/dsa-4824" > https://www.debian.org/security/2021/dsa-4824< / a > < br > < a href = "https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-15999" > https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-15999< / a > < br > < a href = "https://www.nuget.org/packages/CefSharp.Common/" > https://www.nuget.org/packages/CefSharp.Common/< / a > < br > < a href = "https://www.nuget.org/packages/CefSharp.WinForms" > https://www.nuget.org/packages/CefSharp.WinForms< / a > < br > < a href = "https://www.nuget.org/packages/CefSharp.Wpf" > https://www.nuget.org/packages/CefSharp.Wpf< / a > < br > < a href = "https://www.nuget.org/packages/CefSharp.Wpf.HwndHost" > https://www.nuget.org/packages/CefSharp.Wpf.HwndHost< / a > < br > < / details > |
| Pillow | CVE-2020-35655 | MEDIUM | 6.2.2 | 8.1.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35655" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35655< / a > < br > < a href = "https://github.com/advisories/GHSA-hf64-x4gq-p99h" > https://github.com/advisories/GHSA-hf64-x4gq-p99h< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-35655" > https://nvd.nist.gov/vuln/detail/CVE-2020-35655< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" > https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-1" > https://ubuntu.com/security/notices/USN-4697-1< / a > < br > < / details > |
| Pillow | CVE-2021-25292 | MEDIUM | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292< / a > < br > < a href = "https://github.com/advisories/GHSA-9hx2-hgq2-2g4f" > https://github.com/advisories/GHSA-9hx2-hgq2-2g4f< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c" > https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4" > https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25292" > https://nvd.nist.gov/vuln/detail/CVE-2021-25292< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
| Pillow | CVE-2021-28675 | MEDIUM | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675< / a > < br > < a href = "https://github.com/advisories/GHSA-g6rj-rv7j-xwp4" > https://github.com/advisories/GHSA-g6rj-rv7j-xwp4< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497" > https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-28675" > https://nvd.nist.gov/vuln/detail/CVE-2021-28675< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | CVE-2021-28678 | MEDIUM | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678< / a > < br > < a href = "https://github.com/advisories/GHSA-hjfx-8p6c-g7gx" > https://github.com/advisories/GHSA-hjfx-8p6c-g7gx< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377" > https://github.com/python-pillow/Pillow/pull/5377< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1" > https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-28678" > https://nvd.nist.gov/vuln/detail/CVE-2021-28678< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | GHSA-jgpv-4h4c-xhw3 | MEDIUM | 6.2.2 | 8.1.2 | < details > < summary > Expand...< / summary > < a href = "https://github.com/advisories/GHSA-jgpv-4h4c-xhw3" > https://github.com/advisories/GHSA-jgpv-4h4c-xhw3< / a > < br > < a href = "https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3" > https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3< / a > < br > < / details > |
| pycrypto | CVE-2013-7459 | CRITICAL | 2.6.1 | | < details > < summary > Expand...< / summary > < a href = "http://www.openwall.com/lists/oss-security/2016/12/27/8" > http://www.openwall.com/lists/oss-security/2016/12/27/8< / a > < br > < a href = "http://www.securityfocus.com/bid/95122" > http://www.securityfocus.com/bid/95122< / a > < br > < a href = "https://bugzilla.redhat.com/show_bug.cgi?id=1409754" > https://bugzilla.redhat.com/show_bug.cgi?id=1409754< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459< / a > < br > < a href = "https://github.com/advisories/GHSA-cq27-v7xp-c356" > https://github.com/advisories/GHSA-cq27-v7xp-c356< / a > < br > < a href = "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4" > https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4< / a > < br > < a href = "https://github.com/dlitz/pycrypto/issues/176" > https://github.com/dlitz/pycrypto/issues/176< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2013-7459" > https://nvd.nist.gov/vuln/detail/CVE-2013-7459< / a > < br > < a href = "https://pony7.fr/ctf:public:32c3:cryptmsg" > https://pony7.fr/ctf:public:32c3:cryptmsg< / a > < br > < a href = "https://security.gentoo.org/glsa/201702-14" > https://security.gentoo.org/glsa/201702-14< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-3199-1" > https://ubuntu.com/security/notices/USN-3199-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-3199-2" > https://ubuntu.com/security/notices/USN-3199-2< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-3199-3" > https://ubuntu.com/security/notices/USN-3199-3< / a > < br > < / details > |
| pycrypto | CVE-2018-6594 | HIGH | 2.6.1 | | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594< / a > < br > < a href = "https://github.com/Legrandin/pycryptodome/issues/90" > https://github.com/Legrandin/pycryptodome/issues/90< / a > < br > < a href = "https://github.com/TElgamal/attack-on-pycrypto-elgamal" > https://github.com/TElgamal/attack-on-pycrypto-elgamal< / a > < br > < a href = "https://github.com/advisories/GHSA-6528-wvf6-f6qg" > https://github.com/advisories/GHSA-6528-wvf6-f6qg< / a > < br > < a href = "https://github.com/dlitz/pycrypto/issues/253" > https://github.com/dlitz/pycrypto/issues/253< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html" > https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2018-6594" > https://nvd.nist.gov/vuln/detail/CVE-2018-6594< / a > < br > < a href = "https://security.gentoo.org/glsa/202007-62" > https://security.gentoo.org/glsa/202007-62< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-3616-1" > https://ubuntu.com/security/notices/USN-3616-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-3616-2" > https://ubuntu.com/security/notices/USN-3616-2< / a > < br > < a href = "https://usn.ubuntu.com/3616-1/" > https://usn.ubuntu.com/3616-1/< / a > < br > < a href = "https://usn.ubuntu.com/3616-2/" > https://usn.ubuntu.com/3616-2/< / a > < br > < / details > |