---
hide:
- toc
---
# Security Overview
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet"/>
## Helm-Chart
##### Scan Results
#### Chart Object: pyload/templates/common.yaml
| Type | Misconfiguration ID | Check | Severity | Explanation | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary>A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.<br><hr><br>Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.allowPrivilegeEscalation' to false</details> | <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary>The container should drop all default capabilities and add only those that are needed for its execution.<br><hr><br>Container 'RELEASE-NAME-pyload' of Deployment 'RELEASE-NAME-pyload' should add 'ALL' to 'securityContext.capabilities.drop'</details> | <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary>The container should drop all default capabilities and add only those that are needed for its execution.<br><hr><br>Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should add 'ALL' to 'securityContext.capabilities.drop'</details> | <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary>Enforcing CPU limits prevents DoS via resource exhaustion.<br><hr><br>Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'resources.limits.cpu'</details> | <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary>'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.<br><hr><br>Container 'RELEASE-NAME-pyload' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsNonRoot' to true</details> | <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary>'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.<br><hr><br>Container 'autopermissions' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsNonRoot' to true</details> | <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary>'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.<br><hr><br>Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsNonRoot' to true</details> | <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary>An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.<br><hr><br>Container 'autopermissions' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.readOnlyRootFilesystem' to true</details> | <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary>An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.<br><hr><br>Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.readOnlyRootFilesystem' to true</details> | <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary>When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.<br><hr><br>Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'resources.requests.cpu'</details> | <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | <details><summary>Expand...</summary>When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.<br><hr><br>Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'resources.requests.memory'</details> | <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv016">https://avd.aquasec.com/appshield/ksv016</a><br></details> |
| Kubernetes Security Check | KSV017 | Privileged container | HIGH | <details><summary>Expand...</summary>Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.<br><hr><br>Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.privileged' to false</details> | <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv017">https://avd.aquasec.com/appshield/ksv017</a><br></details> |
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | <details><summary>Expand...</summary>Enforcing memory limits prevents DoS via resource exhaustion.<br><hr><br>Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'resources.limits.memory'</details> | <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv018">https://avd.aquasec.com/appshield/ksv018</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary>Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.<br><hr><br>Container 'RELEASE-NAME-pyload' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsUser' > 10000</details> | <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary>Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.<br><hr><br>Container 'autopermissions' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsUser' > 10000</details> | <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary>Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.<br><hr><br>Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsUser' > 10000</details> | <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary>Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.<br><hr><br>Container 'RELEASE-NAME-pyload' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsGroup' > 10000</details> | <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary>Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.<br><hr><br>Container 'autopermissions' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsGroup' > 10000</details> | <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary>Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.<br><hr><br>Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsGroup' > 10000</details> | <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM | <details><summary>Expand...</summary>HostPath volumes must be forbidden.<br><hr><br>Deployment 'RELEASE-NAME-pyload' should not set 'spec.template.volumes.hostPath'</details> | <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv023">https://avd.aquasec.com/appshield/ksv023</a><br></details> |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary>Containers should be forbidden from running with a root primary or supplementary GID.<br><hr><br>Deployment 'RELEASE-NAME-pyload' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0</details> | <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
## Containers
##### Detected Containers
- tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
- tccr.io/truecharts/pyload:version-5de90278@sha256:c33489498cb4541bbf936b1ebd1eaebfb0cae279f738aa0e6184969089e94081
##### Scan Results
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
**alpine**

| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
#### Container: Python
**python-pkg**

| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| Pillow | CVE-2021-25287 | CRITICAL | 6.2.2 | 8.2.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-25287">https://access.redhat.com/security/cve/CVE-2021-25287</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287</a><br><a href="https://github.com/advisories/GHSA-77gc-v2xv-rvvh">https://github.com/advisories/GHSA-77gc-v2xv-rvvh</a><br><a href="https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87">https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470">https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87">https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25287">https://nvd.nist.gov/vuln/detail/CVE-2021-25287</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4963-1">https://ubuntu.com/security/notices/USN-4963-1</a><br></details> |
| Pillow | CVE-2021-25288 | CRITICAL | 6.2.2 | 8.2.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-25288">https://access.redhat.com/security/cve/CVE-2021-25288</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288</a><br><a href="https://github.com/advisories/GHSA-rwv7-3v45-hg29">https://github.com/advisories/GHSA-rwv7-3v45-hg29</a><br><a href="https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87">https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470">https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25288">https://nvd.nist.gov/vuln/detail/CVE-2021-25288</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4963-1">https://ubuntu.com/security/notices/USN-4963-1</a><br></details> |
| Pillow | CVE-2021-25289 | CRITICAL | 6.2.2 | 8.1.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-25289">https://access.redhat.com/security/cve/CVE-2021-25289</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289</a><br><a href="https://github.com/advisories/GHSA-57h3-9rgr-c24m">https://github.com/advisories/GHSA-57h3-9rgr-c24m</a><br><a href="https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c">https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25289">https://nvd.nist.gov/vuln/detail/CVE-2021-25289</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
| Pillow | CVE-2021-34552 | CRITICAL | 6.2.2 | 8.3.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34552.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34552.json</a><br><a href="https://access.redhat.com/security/cve/CVE-2021-34552">https://access.redhat.com/security/cve/CVE-2021-34552</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552</a><br><a href="https://github.com/advisories/GHSA-7534-mm45-c74v">https://github.com/advisories/GHSA-7534-mm45-c74v</a><br><a href="https://github.com/python-pillow/Pillow/pull/5567">https://github.com/python-pillow/Pillow/pull/5567</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html">https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-34552">https://nvd.nist.gov/vuln/detail/CVE-2021-34552</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/index.html">
https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-1" > https://ubuntu.com/security/notices/USN-5227-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-2" > https://ubuntu.com/security/notices/USN-5227-2< / a > < br > < / details > |
| Pillow | CVE-2022-22815 | CRITICAL | 6.2.2 | 9.0.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-22815" > https://access.redhat.com/security/cve/CVE-2022-22815< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815< / a > < br > < a href = "https://github.com/advisories/GHSA-pw3c-h7wp-cvhx" > https://github.com/advisories/GHSA-pw3c-h7wp-cvhx< / a > < br > < a href = "https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331" > https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c" > https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html" > https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-22815" > https://nvd.nist.gov/vuln/detail/CVE-2022-22815< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling" > https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-1" > https://ubuntu.com/security/notices/USN-5227-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-2" > https://ubuntu.com/security/notices/USN-5227-2< / a > < br > < a href = "https://www.debian.org/security/2022/dsa-5053" > https://www.debian.org/security/2022/dsa-5053< / a > < br > < / details > |
| Pillow | CVE-2022-22817 | CRITICAL | 6.2.2 | 9.0.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-22817" > https://access.redhat.com/security/cve/CVE-2022-22817< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817< / a > < br > < a href = "https://github.com/advisories/GHSA-8vj2-vxx3-667w" > https://github.com/advisories/GHSA-8vj2-vxx3-667w< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11" > https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2022-22817.html" > https://linux.oracle.com/cve/CVE-2022-22817.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2022-0643.html" > https://linux.oracle.com/errata/ELSA-2022-0643.html< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html" > https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-22817" > https://nvd.nist.gov/vuln/detail/CVE-2022-22817< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling" > https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval" > https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security" > https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-1" > 
https://ubuntu.com/security/notices/USN-5227-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-2" > https://ubuntu.com/security/notices/USN-5227-2< / a > < br > < a href = "https://www.debian.org/security/2022/dsa-5053" > https://www.debian.org/security/2022/dsa-5053< / a > < br > < / details > |
| Pillow | CVE-2022-24303 | CRITICAL | 6.2.2 | 9.0.1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-24303" > https://access.redhat.com/security/cve/CVE-2022-24303< / a > < br > < a href = "https://github.com/advisories/GHSA-9j59-75qj-795w" > https://github.com/advisories/GHSA-9j59-75qj-795w< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26" > https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/3450" > https://github.com/python-pillow/Pillow/pull/3450< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-24303" > https://nvd.nist.gov/vuln/detail/CVE-2022-24303< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security" > https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security< / a > < br > < / details > |
| Pillow | CVE-2020-10379 | HIGH | 6.2.2 | 7.1.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2020-10379" > https://access.redhat.com/security/cve/CVE-2020-10379< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379< / a > < br > < a href = "https://github.com/advisories/GHSA-8843-m7mw-mxqm" > https://github.com/advisories/GHSA-8843-m7mw-mxqm< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac" > https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commits/master/src/libImaging" > https://github.com/python-pillow/Pillow/commits/master/src/libImaging< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-10379" > https://nvd.nist.gov/vuln/detail/CVE-2020-10379< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html" > https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html< / a > < br > < a href = 
"https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-11538 | HIGH | 6.2.2 | 7.1.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2020-11538" > https://access.redhat.com/security/cve/CVE-2020-11538< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538< / a > < br > < a href = "https://github.com/advisories/GHSA-43fq-w8qq-v88h" > https://github.com/advisories/GHSA-43fq-w8qq-v88h< / a > < br > < a href = "https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security" > https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d" > https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4504" > https://github.com/python-pillow/Pillow/pull/4504< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2020-11538.html" > https://linux.oracle.com/cve/CVE-2020-11538.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2020-3185.html" > https://linux.oracle.com/errata/ELSA-2020-3185.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-11538" > https://nvd.nist.gov/vuln/detail/CVE-2020-11538< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" > https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-1" > https://ubuntu.com/security/notices/USN-4430-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-1/" > https://usn.ubuntu.com/4430-1/< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-35653 | HIGH | 6.2.2 | 8.1.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2020-35653" > https://access.redhat.com/security/cve/CVE-2020-35653< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653< / a > < br > < a href = "https://github.com/advisories/GHSA-f5g8-5qq7-938w" > https://github.com/advisories/GHSA-f5g8-5qq7-938w< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" > https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-35653" > https://nvd.nist.gov/vuln/detail/CVE-2020-35653< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" > https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-1" > https://ubuntu.com/security/notices/USN-4697-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-2" > https://ubuntu.com/security/notices/USN-4697-2< / a > < br > < / details > |
| Pillow | CVE-2020-35654 | HIGH | 6.2.2 | 8.1.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2020-35654" > https://access.redhat.com/security/cve/CVE-2020-35654< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654< / a > < br > < a href = "https://github.com/advisories/GHSA-vqcj-wrf2-7v73" > https://github.com/advisories/GHSA-vqcj-wrf2-7v73< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-35654" > https://nvd.nist.gov/vuln/detail/CVE-2020-35654< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security< / a > < br > < a href = 
"https://pillow.readthedocs.io/en/stable/releasenotes/index.html" > https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-1" > https://ubuntu.com/security/notices/USN-4697-1< / a > < br > < / details > |
| Pillow | CVE-2021-23437 | HIGH | 6.2.2 | 8.3.2 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-23437" > https://access.redhat.com/security/cve/CVE-2021-23437< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437< / a > < br > < a href = "https://github.com/advisories/GHSA-98vv-pw6r-q6q4" > https://github.com/advisories/GHSA-98vv-pw6r-q6q4< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b" > https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-23437" > https://nvd.nist.gov/vuln/detail/CVE-2021-23437< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-1" > https://ubuntu.com/security/notices/USN-5227-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-2" > https://ubuntu.com/security/notices/USN-5227-2< / a > < br > < / details > |
| Pillow | CVE-2021-25290 | HIGH | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-25290" > https://access.redhat.com/security/cve/CVE-2021-25290< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290< / a > < br > < a href = "https://github.com/advisories/GHSA-8xjq-8fcg-g5hw" > https://github.com/advisories/GHSA-8xjq-8fcg-g5hw< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa" > https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" > https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25290" > https://nvd.nist.gov/vuln/detail/CVE-2021-25290< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
| Pillow | CVE-2021-25291 | HIGH | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-25291" > https://access.redhat.com/security/cve/CVE-2021-25291< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291< / a > < br > < a href = "https://github.com/advisories/GHSA-mvg9-xffr-p774" > https://github.com/advisories/GHSA-mvg9-xffr-p774< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a" > https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25291" > https://nvd.nist.gov/vuln/detail/CVE-2021-25291< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
| Pillow | CVE-2021-25293 | HIGH | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-25293" > https://access.redhat.com/security/cve/CVE-2021-25293< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293< / a > < br > < a href = "https://github.com/advisories/GHSA-p43w-g3c5-g5mq" > https://github.com/advisories/GHSA-p43w-g3c5-g5mq< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9" > https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25293" > https://nvd.nist.gov/vuln/detail/CVE-2021-25293< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
| Pillow | CVE-2021-27921 | HIGH | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-27921" > https://access.redhat.com/security/cve/CVE-2021-27921< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921< / a > < br > < a href = "https://github.com/advisories/GHSA-f4w8-cv6p-x6r5" > https://github.com/advisories/GHSA-f4w8-cv6p-x6r5< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-27921" > https://nvd.nist.gov/vuln/detail/CVE-2021-27921< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
| Pillow | CVE-2021-27922 | HIGH | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-27922" > https://access.redhat.com/security/cve/CVE-2021-27922< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922< / a > < br > < a href = "https://github.com/advisories/GHSA-3wvg-mj6g-m9cv" > https://github.com/advisories/GHSA-3wvg-mj6g-m9cv< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-27922" > https://nvd.nist.gov/vuln/detail/CVE-2021-27922< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
| Pillow | CVE-2021-27923 | HIGH | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-27923" > https://access.redhat.com/security/cve/CVE-2021-27923< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923< / a > < br > < a href = "https://github.com/advisories/GHSA-95q3-8gr9-gm8w" > https://github.com/advisories/GHSA-95q3-8gr9-gm8w< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-27923" > https://nvd.nist.gov/vuln/detail/CVE-2021-27923< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
| Pillow | CVE-2021-28676 | HIGH | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-28676" > https://access.redhat.com/security/cve/CVE-2021-28676< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676< / a > < br > < a href = "https://github.com/advisories/GHSA-7r7m-5h27-29hp" > https://github.com/advisories/GHSA-7r7m-5h27-29hp< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377" > https://github.com/python-pillow/Pillow/pull/5377< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" > https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-28676" > https://nvd.nist.gov/vuln/detail/CVE-2021-28676< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | CVE-2021-28677 | HIGH | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-28677" > https://access.redhat.com/security/cve/CVE-2021-28677< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677< / a > < br > < a href = "https://github.com/advisories/GHSA-q5hq-fp76-qmrc" > https://github.com/advisories/GHSA-q5hq-fp76-qmrc< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377" > https://github.com/python-pillow/Pillow/pull/5377< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" > https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-28677" > https://nvd.nist.gov/vuln/detail/CVE-2021-28677< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | CVE-2020-10177 | MEDIUM | 6.2.2 | 7.1.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2020-10177" > https://access.redhat.com/security/cve/CVE-2020-10177< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177< / a > < br > < a href = "https://github.com/advisories/GHSA-cqhg-xjhh-p8hf" > https://github.com/advisories/GHSA-cqhg-xjhh-p8hf< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commits/master/src/libImaging" > https://github.com/python-pillow/Pillow/commits/master/src/libImaging< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4503" > https://github.com/python-pillow/Pillow/pull/4503< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html" > https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-10177" > https://nvd.nist.gov/vuln/detail/CVE-2020-10177< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html" > https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-1" > https://ubuntu.com/security/notices/USN-4430-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-2" > https://ubuntu.com/security/notices/USN-4697-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-1/" > https://usn.ubuntu.com/4430-1/< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-10378 | MEDIUM | 6.2.2 | 7.1.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2020-10378" > https://access.redhat.com/security/cve/CVE-2020-10378< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378< / a > < br > < a href = "https://github.com/advisories/GHSA-3xv8-3j54-hgrp" > https://github.com/advisories/GHSA-3xv8-3j54-hgrp< / a > < br > < a href = "https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml" > https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac" > https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commits/master/src/libImaging" > https://github.com/python-pillow/Pillow/commits/master/src/libImaging< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-10378" > https://nvd.nist.gov/vuln/detail/CVE-2020-10378< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html" > https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-1" > https://ubuntu.com/security/notices/USN-4430-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-1/" > https://usn.ubuntu.com/4430-1/< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-10994 | MEDIUM | 6.2.2 | 7.0.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2020-10994" > https://access.redhat.com/security/cve/CVE-2020-10994< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994< / a > < br > < a href = "https://github.com/advisories/GHSA-vj42-xq3r-hr3r" > https://github.com/advisories/GHSA-vj42-xq3r-hr3r< / a > < br > < a href = "https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security" > https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4" > https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commits/master/src/libImaging/" > https://github.com/python-pillow/Pillow/commits/master/src/libImaging/< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4505" > https://github.com/python-pillow/Pillow/pull/4505< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-10994" > https://nvd.nist.gov/vuln/detail/CVE-2020-10994< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/" > https://pillow.readthedocs.io/en/stable/releasenotes/< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-1" > https://ubuntu.com/security/notices/USN-4430-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-1/" > https://usn.ubuntu.com/4430-1/< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-35655 | MEDIUM | 6.2.2 | 8.1.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2020-35655" > https://access.redhat.com/security/cve/CVE-2020-35655< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35655" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35655< / a > < br > < a href = "https://github.com/advisories/GHSA-hf64-x4gq-p99h" > https://github.com/advisories/GHSA-hf64-x4gq-p99h< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-35655" > https://nvd.nist.gov/vuln/detail/CVE-2020-35655< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" > https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-1" > https://ubuntu.com/security/notices/USN-4697-1< / a > < br > < / details > |
| Pillow | CVE-2021-25292 | MEDIUM | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-25292" > https://access.redhat.com/security/cve/CVE-2021-25292< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292< / a > < br > < a href = "https://github.com/advisories/GHSA-9hx2-hgq2-2g4f" > https://github.com/advisories/GHSA-9hx2-hgq2-2g4f< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c" > https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4" > https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25292" > https://nvd.nist.gov/vuln/detail/CVE-2021-25292< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
| Pillow | CVE-2021-28675 | MEDIUM | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-28675" > https://access.redhat.com/security/cve/CVE-2021-28675< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675< / a > < br > < a href = "https://github.com/advisories/GHSA-g6rj-rv7j-xwp4" > https://github.com/advisories/GHSA-g6rj-rv7j-xwp4< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497" > https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-28675" > https://nvd.nist.gov/vuln/detail/CVE-2021-28675< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | CVE-2021-28678 | MEDIUM | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-28678" > https://access.redhat.com/security/cve/CVE-2021-28678< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678< / a > < br > < a href = "https://github.com/advisories/GHSA-hjfx-8p6c-g7gx" > https://github.com/advisories/GHSA-hjfx-8p6c-g7gx< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377" > https://github.com/python-pillow/Pillow/pull/5377< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1" > https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-28678" > https://nvd.nist.gov/vuln/detail/CVE-2021-28678< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | CVE-2022-22816 | MEDIUM | 6.2.2 | 9.0.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-22816" > https://access.redhat.com/security/cve/CVE-2022-22816< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816< / a > < br > < a href = "https://github.com/advisories/GHSA-xrcv-f9gm-v42c" > https://github.com/advisories/GHSA-xrcv-f9gm-v42c< / a > < br > < a href = "https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331" > https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2022-22816.html" > https://linux.oracle.com/cve/CVE-2022-22816.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2022-0643.html" > https://linux.oracle.com/errata/ELSA-2022-0643.html< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html" > https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-22816" > https://nvd.nist.gov/vuln/detail/CVE-2022-22816< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling" > https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-1" > https://ubuntu.com/security/notices/USN-5227-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-2" > https://ubuntu.com/security/notices/USN-5227-2< / a > < br > < a href = "https://www.debian.org/security/2022/dsa-5053" > https://www.debian.org/security/2022/dsa-5053< / a > < br > < / details > |
| Pillow | GHSA-jgpv-4h4c-xhw3 | MEDIUM | 6.2.2 | 8.1.2 | < details > < summary > Expand...< / summary > < a href = "https://github.com/advisories/GHSA-jgpv-4h4c-xhw3" > https://github.com/advisories/GHSA-jgpv-4h4c-xhw3< / a > < br > < a href = "https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3" > https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3< / a > < br > < / details > |
| Pillow | GHSA-4fx9-vc88-q2xc | LOW | 6.2.2 | 9.0.0 | < details > < summary > Expand...< / summary > < a href = "https://github.com/advisories/GHSA-4fx9-vc88-q2xc" > https://github.com/advisories/GHSA-4fx9-vc88-q2xc< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd" > https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file" > https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file< / a > < br > < / details > |
| Pillow | PYSEC-2020-77 | UNKNOWN | 6.2.2 | 7.1.0 | < details > < summary > Expand...< / summary > < a href = "https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac" > https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commits/master/src/libImaging" > https://github.com/python-pillow/Pillow/commits/master/src/libImaging< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://usn.ubuntu.com/4430-1/" > https://usn.ubuntu.com/4430-1/< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | PYSEC-2020-78 | UNKNOWN | 6.2.2 | 7.1.0 | < details > < summary > Expand...< / summary > < a href = "https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac" > https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commits/master/src/libImaging" > https://github.com/python-pillow/Pillow/commits/master/src/libImaging< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| pycrypto | CVE-2013-7459 | CRITICAL | 2.6.1 | | < details > < summary > Expand...< / summary > < a href = "http://www.openwall.com/lists/oss-security/2016/12/27/8" > http://www.openwall.com/lists/oss-security/2016/12/27/8< / a > < br > < a href = "http://www.securityfocus.com/bid/95122" > http://www.securityfocus.com/bid/95122< / a > < br > < a href = "https://access.redhat.com/security/cve/CVE-2013-7459" > https://access.redhat.com/security/cve/CVE-2013-7459< / a > < br > < a href = "https://bugzilla.redhat.com/show_bug.cgi?id=1409754" > https://bugzilla.redhat.com/show_bug.cgi?id=1409754< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459< / a > < br > < a href = "https://github.com/advisories/GHSA-cq27-v7xp-c356" > https://github.com/advisories/GHSA-cq27-v7xp-c356< / a > < br > < a href = "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4" > https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4< / a > < br > < a href = "https://github.com/dlitz/pycrypto/issues/176" > https://github.com/dlitz/pycrypto/issues/176< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2013-7459" > https://nvd.nist.gov/vuln/detail/CVE-2013-7459< / a > < br > < a href = "https://pony7.fr/ctf:public:32c3:cryptmsg" > https://pony7.fr/ctf:public:32c3:cryptmsg< / a > < br > < a href = "https://security.gentoo.org/glsa/201702-14" > https://security.gentoo.org/glsa/201702-14< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-3199-1" > https://ubuntu.com/security/notices/USN-3199-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-3199-2" > https://ubuntu.com/security/notices/USN-3199-2< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-3199-3" > https://ubuntu.com/security/notices/USN-3199-3< / a > < br > < / details > |
| pycrypto | CVE-2018-6594 | HIGH | 2.6.1 | | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2018-6594" > https://access.redhat.com/security/cve/CVE-2018-6594< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594< / a > < br > < a href = "https://github.com/Legrandin/pycryptodome/issues/90" > https://github.com/Legrandin/pycryptodome/issues/90< / a > < br > < a href = "https://github.com/TElgamal/attack-on-pycrypto-elgamal" > https://github.com/TElgamal/attack-on-pycrypto-elgamal< / a > < br > < a href = "https://github.com/advisories/GHSA-6528-wvf6-f6qg" > https://github.com/advisories/GHSA-6528-wvf6-f6qg< / a > < br > < a href = "https://github.com/dlitz/pycrypto/issues/253" > https://github.com/dlitz/pycrypto/issues/253< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html" > https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2018-6594" > https://nvd.nist.gov/vuln/detail/CVE-2018-6594< / a > < br > < a href = "https://security.gentoo.org/glsa/202007-62" > https://security.gentoo.org/glsa/202007-62< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-3616-1" > https://ubuntu.com/security/notices/USN-3616-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-3616-2" > https://ubuntu.com/security/notices/USN-3616-2< / a > < br > < a href = "https://usn.ubuntu.com/3616-1/" > https://usn.ubuntu.com/3616-1/< / a > < br > < a href = "https://usn.ubuntu.com/3616-2/" > https://usn.ubuntu.com/3616-2/< / a > < br > < / details > |