2021-12-05 00:50:14 +00:00
---
hide:
- toc
---
2021-12-05 23:17:30 +00:00
# Security Overview
2021-12-04 20:11:45 +00:00
2021-12-05 00:50:14 +00:00
< link href = "https://truecharts.org/_static/trivy.css" type = "text/css" rel = "stylesheet" / >
2021-12-04 20:11:45 +00:00
## Helm-Chart
##### Scan Results
2021-12-05 00:50:14 +00:00
#### Chart Object: headphones/templates/common.yaml
2021-12-04 20:11:45 +00:00
2021-12-04 20:34:35 +00:00
2021-12-05 00:50:14 +00:00
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | < details > < summary > Expand...< / summary > The container should drop all default capabilities and add only those that are needed for its execution. < br > < hr > < br > Container ' RELEASE-NAME-headphones' of Deployment ' RELEASE-NAME-headphones' should add ' ALL' to ' securityContext.capabilities.drop' < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/" > https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv003" > https://avd.aquasec.com/appshield/ksv003< / a > < br > < / details > |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | < details > < summary > Expand...< / summary > ' runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. < br > < hr > < br > Container ' RELEASE-NAME-headphones' of Deployment ' RELEASE-NAME-headphones' should set ' securityContext.runAsNonRoot' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv012" > https://avd.aquasec.com/appshield/ksv012< / a > < br > < / details > |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | < details > < summary > Expand...< / summary > ' runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-headphones' should set ' securityContext.runAsNonRoot' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv012" > https://avd.aquasec.com/appshield/ksv012< / a > < br > < / details > |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | < details > < summary > Expand...< / summary > An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. < br > < hr > < br > Container ' RELEASE-NAME-headphones' of Deployment ' RELEASE-NAME-headphones' should set ' securityContext.readOnlyRootFilesystem' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/" > https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv014" > https://avd.aquasec.com/appshield/ksv014< / a > < br > < / details > |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | < details > < summary > Expand...< / summary > An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-headphones' should set ' securityContext.readOnlyRootFilesystem' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/" > https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv014" > https://avd.aquasec.com/appshield/ksv014< / a > < br > < / details > |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with user ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' RELEASE-NAME-headphones' of Deployment ' RELEASE-NAME-headphones' should set ' securityContext.runAsUser' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv020" > https://avd.aquasec.com/appshield/ksv020< / a > < br > < / details > |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with user ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-headphones' should set ' securityContext.runAsUser' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv020" > https://avd.aquasec.com/appshield/ksv020< / a > < br > < / details > |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with group ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' RELEASE-NAME-headphones' of Deployment ' RELEASE-NAME-headphones' should set ' securityContext.runAsGroup' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv021" > https://avd.aquasec.com/appshield/ksv021< / a > < br > < / details > |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with group ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-headphones' should set ' securityContext.runAsGroup' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv021" > https://avd.aquasec.com/appshield/ksv021< / a > < br > < / details > |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | < details > < summary > Expand...< / summary > Containers should be forbidden from running with a root primary or supplementary GID. < br > < hr > < br > Deployment ' RELEASE-NAME-headphones' should set ' spec.securityContext.runAsGroup' , ' spec.securityContext.supplementalGroups[*]' and ' spec.securityContext.fsGroup' to integer greater than 0 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv029" > https://avd.aquasec.com/appshield/ksv029< / a > < br > < / details > |
2021-12-04 20:11:45 +00:00
## Containers
##### Detected Containers
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/headphones:version-58edc604@sha256:f605d077d6d6023e3326421ce02eb81bd962163b68569f8e3953cb5ac2898344
##### Scan Results
2021-12-05 00:50:14 +00:00
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
2021-12-04 20:34:35 +00:00
2021-12-04 20:11:45 +00:00
**alpine**
2021-12-04 20:34:35 +00:00
2021-12-04 20:11:45 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
2021-12-28 15:32:09 +00:00
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < / details > |
| busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | < details > < summary > Expand...< / summary > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < / details > |
| ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < / details > |
| ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | < details > < summary > Expand...< / summary > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
#### Container: Python
2021-12-04 20:34:35 +00:00
2021-12-04 20:11:45 +00:00
**python-pkg**
2021-12-04 20:34:35 +00:00
2021-12-04 20:11:45 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
2021-12-05 00:50:14 +00:00
| Pillow | CVE-2021-25287 | CRITICAL | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287< / a > < br > < a href = "https://github.com/advisories/GHSA-77gc-v2xv-rvvh" > https://github.com/advisories/GHSA-77gc-v2xv-rvvh< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470" > https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87" > https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25287" > https://nvd.nist.gov/vuln/detail/CVE-2021-25287< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | CVE-2021-25288 | CRITICAL | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288< / a > < br > < a href = "https://github.com/advisories/GHSA-rwv7-3v45-hg29" > https://github.com/advisories/GHSA-rwv7-3v45-hg29< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470" > https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25288" > https://nvd.nist.gov/vuln/detail/CVE-2021-25288< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | CVE-2021-25289 | CRITICAL | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289< / a > < br > < a href = "https://github.com/advisories/GHSA-57h3-9rgr-c24m" > https://github.com/advisories/GHSA-57h3-9rgr-c24m< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c" > https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25289" > https://nvd.nist.gov/vuln/detail/CVE-2021-25289< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
2022-01-18 16:08:04 +00:00
| Pillow | CVE-2021-34552 | CRITICAL | 6.2.2 | 8.3.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552< / a > < br > < a href = "https://github.com/advisories/GHSA-7534-mm45-c74v" > https://github.com/advisories/GHSA-7534-mm45-c74v< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" > https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-34552" > https://nvd.nist.gov/vuln/detail/CVE-2021-34552< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow" > https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" > https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-1" > https://ubuntu.com/security/notices/USN-5227-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-2" > https://ubuntu.com/security/notices/USN-5227-2< / a > < br > < / details > |
2022-01-21 13:03:36 +00:00
| Pillow | CVE-2022-22815 | CRITICAL | 6.2.2 | 9.0.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815< / a > < br > < a href = "https://github.com/advisories/GHSA-pw3c-h7wp-cvhx" > https://github.com/advisories/GHSA-pw3c-h7wp-cvhx< / a > < br > < a href = "https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331" > https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-22815" > https://nvd.nist.gov/vuln/detail/CVE-2022-22815< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling" > https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-1" > https://ubuntu.com/security/notices/USN-5227-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-2" > https://ubuntu.com/security/notices/USN-5227-2< / a > < br > < / details > |
| Pillow | CVE-2022-22816 | CRITICAL | 6.2.2 | 9.0.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816< / a > < br > < a href = "https://github.com/advisories/GHSA-xrcv-f9gm-v42c" > https://github.com/advisories/GHSA-xrcv-f9gm-v42c< / a > < br > < a href = "https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331" > https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-22816" > https://nvd.nist.gov/vuln/detail/CVE-2022-22816< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling" > https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-1" > https://ubuntu.com/security/notices/USN-5227-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-2" > https://ubuntu.com/security/notices/USN-5227-2< / a > < br > < / details > |
| Pillow | CVE-2022-22817 | CRITICAL | 6.2.2 | 9.0.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817< / a > < br > < a href = "https://github.com/advisories/GHSA-8vj2-vxx3-667w" > https://github.com/advisories/GHSA-8vj2-vxx3-667w< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-22817" > https://nvd.nist.gov/vuln/detail/CVE-2022-22817< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval" > https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-1" > https://ubuntu.com/security/notices/USN-5227-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-2" > https://ubuntu.com/security/notices/USN-5227-2< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| Pillow | CVE-2020-10379 | HIGH | 6.2.2 | 6.2.3, 7.0.1 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379< / a > < br > < a href = "https://github.com/advisories/GHSA-8843-m7mw-mxqm" > https://github.com/advisories/GHSA-8843-m7mw-mxqm< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac" > https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commits/master/src/libImaging" > https://github.com/python-pillow/Pillow/commits/master/src/libImaging< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-10379" > https://nvd.nist.gov/vuln/detail/CVE-2020-10379< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html" > https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-11538 | HIGH | 6.2.2 | | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538< / a > < br > < a href = "https://github.com/advisories/GHSA-43fq-w8qq-v88h" > https://github.com/advisories/GHSA-43fq-w8qq-v88h< / a > < br > < a href = "https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security" > https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d" > https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4504" > https://github.com/python-pillow/Pillow/pull/4504< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2020-11538.html" > https://linux.oracle.com/cve/CVE-2020-11538.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2020-3185.html" > https://linux.oracle.com/errata/ELSA-2020-3185.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-11538" > https://nvd.nist.gov/vuln/detail/CVE-2020-11538< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" > https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-1" > https://ubuntu.com/security/notices/USN-4430-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-1/" > https://usn.ubuntu.com/4430-1/< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-35653 | HIGH | 6.2.2 | 8.1.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653< / a > < br > < a href = "https://github.com/advisories/GHSA-f5g8-5qq7-938w" > https://github.com/advisories/GHSA-f5g8-5qq7-938w< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-35653" > https://nvd.nist.gov/vuln/detail/CVE-2020-35653< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" > https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-1" > https://ubuntu.com/security/notices/USN-4697-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-2" > https://ubuntu.com/security/notices/USN-4697-2< / a > < br > < / details > |
| Pillow | CVE-2020-35654 | HIGH | 6.2.2 | 8.1.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654< / a > < br > < a href = "https://github.com/advisories/GHSA-vqcj-wrf2-7v73" > https://github.com/advisories/GHSA-vqcj-wrf2-7v73< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-35654" > https://nvd.nist.gov/vuln/detail/CVE-2020-35654< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" > https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-1" > https://ubuntu.com/security/notices/USN-4697-1< / a > < br > < / details > |
2022-01-18 16:08:04 +00:00
| Pillow | CVE-2021-23437 | HIGH | 6.2.2 | 8.3.2 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437< / a > < br > < a href = "https://github.com/advisories/GHSA-98vv-pw6r-q6q4" > https://github.com/advisories/GHSA-98vv-pw6r-q6q4< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b" > https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-23437" > https://nvd.nist.gov/vuln/detail/CVE-2021-23437< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-1" > https://ubuntu.com/security/notices/USN-5227-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5227-2" > https://ubuntu.com/security/notices/USN-5227-2< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| Pillow | CVE-2021-25290 | HIGH | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290< / a > < br > < a href = "https://github.com/advisories/GHSA-8xjq-8fcg-g5hw" > https://github.com/advisories/GHSA-8xjq-8fcg-g5hw< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa" > https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" > https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25290" > https://nvd.nist.gov/vuln/detail/CVE-2021-25290< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
| Pillow | CVE-2021-25291 | HIGH | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291< / a > < br > < a href = "https://github.com/advisories/GHSA-mvg9-xffr-p774" > https://github.com/advisories/GHSA-mvg9-xffr-p774< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a" > https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25291" > https://nvd.nist.gov/vuln/detail/CVE-2021-25291< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
| Pillow | CVE-2021-25293 | HIGH | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293< / a > < br > < a href = "https://github.com/advisories/GHSA-p43w-g3c5-g5mq" > https://github.com/advisories/GHSA-p43w-g3c5-g5mq< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9" > https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25293" > https://nvd.nist.gov/vuln/detail/CVE-2021-25293< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
2021-12-07 22:59:37 +00:00
| Pillow | CVE-2021-27921 | HIGH | 6.2.2 | 8.1.2 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921< / a > < br > < a href = "https://github.com/advisories/GHSA-f4w8-cv6p-x6r5" > https://github.com/advisories/GHSA-f4w8-cv6p-x6r5< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-27921" > https://nvd.nist.gov/vuln/detail/CVE-2021-27921< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
2021-12-11 14:41:32 +00:00
| Pillow | CVE-2021-27922 | HIGH | 6.2.2 | 8.1.2 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922< / a > < br > < a href = "https://github.com/advisories/GHSA-3wvg-mj6g-m9cv" > https://github.com/advisories/GHSA-3wvg-mj6g-m9cv< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-27922" > https://nvd.nist.gov/vuln/detail/CVE-2021-27922< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
2021-12-07 22:59:37 +00:00
| Pillow | CVE-2021-27923 | HIGH | 6.2.2 | 8.1.2 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923< / a > < br > < a href = "https://github.com/advisories/GHSA-95q3-8gr9-gm8w" > https://github.com/advisories/GHSA-95q3-8gr9-gm8w< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-27923" > https://nvd.nist.gov/vuln/detail/CVE-2021-27923< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| Pillow | CVE-2021-28676 | HIGH | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676< / a > < br > < a href = "https://github.com/advisories/GHSA-7r7m-5h27-29hp" > https://github.com/advisories/GHSA-7r7m-5h27-29hp< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377" > https://github.com/python-pillow/Pillow/pull/5377< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" > https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-28676" > https://nvd.nist.gov/vuln/detail/CVE-2021-28676< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | CVE-2021-28677 | HIGH | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677< / a > < br > < a href = "https://github.com/advisories/GHSA-q5hq-fp76-qmrc" > https://github.com/advisories/GHSA-q5hq-fp76-qmrc< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377" > https://github.com/python-pillow/Pillow/pull/5377< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html" > https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-28677" > https://nvd.nist.gov/vuln/detail/CVE-2021-28677< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | CVE-2020-10177 | MEDIUM | 6.2.2 | 7.1.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177< / a > < br > < a href = "https://github.com/advisories/GHSA-cqhg-xjhh-p8hf" > https://github.com/advisories/GHSA-cqhg-xjhh-p8hf< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commits/master/src/libImaging" > https://github.com/python-pillow/Pillow/commits/master/src/libImaging< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4503" > https://github.com/python-pillow/Pillow/pull/4503< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html" > https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-10177" > https://nvd.nist.gov/vuln/detail/CVE-2020-10177< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html" > https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-1" > https://ubuntu.com/security/notices/USN-4430-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-2" > https://ubuntu.com/security/notices/USN-4697-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-1/" > https://usn.ubuntu.com/4430-1/< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-10378 | MEDIUM | 6.2.2 | 6.2.3, 7.0.1 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378< / a > < br > < a href = "https://github.com/advisories/GHSA-3xv8-3j54-hgrp" > https://github.com/advisories/GHSA-3xv8-3j54-hgrp< / a > < br > < a href = "https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml" > https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac" > https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commits/master/src/libImaging" > https://github.com/python-pillow/Pillow/commits/master/src/libImaging< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-10378" > https://nvd.nist.gov/vuln/detail/CVE-2020-10378< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html" > https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-1" > https://ubuntu.com/security/notices/USN-4430-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-1/" > https://usn.ubuntu.com/4430-1/< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-10994 | MEDIUM | 6.2.2 | 7.0.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994< / a > < br > < a href = "https://github.com/advisories/GHSA-vj42-xq3r-hr3r" > https://github.com/advisories/GHSA-vj42-xq3r-hr3r< / a > < br > < a href = "https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security" > https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4" > https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commits/master/src/libImaging/" > https://github.com/python-pillow/Pillow/commits/master/src/libImaging/< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4505" > https://github.com/python-pillow/Pillow/pull/4505< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/4538" > https://github.com/python-pillow/Pillow/pull/4538< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-10994" > https://nvd.nist.gov/vuln/detail/CVE-2020-10994< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/" > https://pillow.readthedocs.io/en/stable/releasenotes/< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html" > https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html< / a > < br > < a href = "https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575" > https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-1" > https://ubuntu.com/security/notices/USN-4430-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4430-2" > https://ubuntu.com/security/notices/USN-4430-2< / a > < br > < a href = "https://usn.ubuntu.com/4430-1/" > https://usn.ubuntu.com/4430-1/< / a > < br > < a href = "https://usn.ubuntu.com/4430-2/" > https://usn.ubuntu.com/4430-2/< / a > < br > < / details > |
| Pillow | CVE-2020-15999 | MEDIUM | 6.2.2 | 8.0.1 | < details > < summary > Expand...< / summary > < a href = "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html" > http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html< / a > < br > < a href = "http://seclists.org/fulldisclosure/2020/Nov/33" > http://seclists.org/fulldisclosure/2020/Nov/33< / a > < br > < a href = "https://bugs.chromium.org/p/project-zero/issues/detail?id=2103" > https://bugs.chromium.org/p/project-zero/issues/detail?id=2103< / a > < br > < a href = "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html" > https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html< / a > < br > < a href = "https://crbug.com/1139963" > https://crbug.com/1139963< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999< / a > < br > < a href = "https://github.com/advisories/GHSA-pv36-h7jh-qm62" > https://github.com/advisories/GHSA-pv36-h7jh-qm62< / a > < br > < a href = "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62" > https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62< / a > < br > < a href = "https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html" > https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2020-15999.html" > https://linux.oracle.com/cve/CVE-2020-15999.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2020-4952.html" > https://linux.oracle.com/errata/ELSA-2020-4952.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-15999" > https://nvd.nist.gov/vuln/detail/CVE-2020-15999< / a > < br > < a href = "https://security.gentoo.org/glsa/202011-12" > https://security.gentoo.org/glsa/202011-12< / a > < br > < a href = "https://security.gentoo.org/glsa/202012-04" > https://security.gentoo.org/glsa/202012-04< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4593-1" > https://ubuntu.com/security/notices/USN-4593-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4593-2" > https://ubuntu.com/security/notices/USN-4593-2< / a > < br > < a href = "https://www.debian.org/security/2021/dsa-4824" > https://www.debian.org/security/2021/dsa-4824< / a > < br > < a href = "https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-15999" > https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-15999< / a > < br > < a href = "https://www.nuget.org/packages/CefSharp.Common/" > https://www.nuget.org/packages/CefSharp.Common/< / a > < br > < a href = "https://www.nuget.org/packages/CefSharp.WinForms" > https://www.nuget.org/packages/CefSharp.WinForms< / a > < br > < a href = "https://www.nuget.org/packages/CefSharp.Wpf" > https://www.nuget.org/packages/CefSharp.Wpf< / a > < br > < a href = "https://www.nuget.org/packages/CefSharp.Wpf.HwndHost" > https://www.nuget.org/packages/CefSharp.Wpf.HwndHost< / a > < br > < / details > |
| Pillow | CVE-2020-35655 | MEDIUM | 6.2.2 | 8.1.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35655" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35655< / a > < br > < a href = "https://github.com/advisories/GHSA-hf64-x4gq-p99h" > https://github.com/advisories/GHSA-hf64-x4gq-p99h< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2020-35655" > https://nvd.nist.gov/vuln/detail/CVE-2020-35655< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/index.html" > https://pillow.readthedocs.io/en/stable/releasenotes/index.html< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4697-1" > https://ubuntu.com/security/notices/USN-4697-1< / a > < br > < / details > |
| Pillow | CVE-2021-25292 | MEDIUM | 6.2.2 | 8.1.1 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292< / a > < br > < a href = "https://github.com/advisories/GHSA-9hx2-hgq2-2g4f" > https://github.com/advisories/GHSA-9hx2-hgq2-2g4f< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c" > https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c< / a > < br > < a href = "https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4" > https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-25292" > https://nvd.nist.gov/vuln/detail/CVE-2021-25292< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html" > https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4763-1" > https://ubuntu.com/security/notices/USN-4763-1< / a > < br > < / details > |
| Pillow | CVE-2021-28675 | MEDIUM | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675< / a > < br > < a href = "https://github.com/advisories/GHSA-g6rj-rv7j-xwp4" > https://github.com/advisories/GHSA-g6rj-rv7j-xwp4< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497" > https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-28675" > https://nvd.nist.gov/vuln/detail/CVE-2021-28675< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | CVE-2021-28678 | MEDIUM | 6.2.2 | 8.2.0 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678< / a > < br > < a href = "https://github.com/advisories/GHSA-hjfx-8p6c-g7gx" > https://github.com/advisories/GHSA-hjfx-8p6c-g7gx< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377" > https://github.com/python-pillow/Pillow/pull/5377< / a > < br > < a href = "https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1" > https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-28678" > https://nvd.nist.gov/vuln/detail/CVE-2021-28678< / a > < br > < a href = "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos" > https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-33" > https://security.gentoo.org/glsa/202107-33< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-4963-1" > https://ubuntu.com/security/notices/USN-4963-1< / a > < br > < / details > |
| Pillow | GHSA-jgpv-4h4c-xhw3 | MEDIUM | 6.2.2 | 8.1.2 | < details > < summary > Expand...< / summary > < a href = "https://github.com/advisories/GHSA-jgpv-4h4c-xhw3" > https://github.com/advisories/GHSA-jgpv-4h4c-xhw3< / a > < br > < a href = "https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3" > https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3< / a > < br > < / details > |
2022-01-18 16:08:04 +00:00
| lxml | CVE-2021-43818 | HIGH | 4.6.3 | 4.6.5 | < details > < summary > Expand...< / summary > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818< / a > < br > < a href = "https://github.com/advisories/GHSA-55x5-fj6c-h6m8" > https://github.com/advisories/GHSA-55x5-fj6c-h6m8< / a > < br > < a href = "https://github.com/lxml/lxml/blob/lxml-4.6.5/CHANGES.txt" > https://github.com/lxml/lxml/blob/lxml-4.6.5/CHANGES.txt< / a > < br > < a href = "https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a" > https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a< / a > < br > < a href = "https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a (lxml-4.6.5)" > https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a (lxml-4.6.5)< / a > < br > < a href = "https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776" > https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776< / a > < br > < a href = "https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0" > https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0< / a > < br > < a href = "https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 (lxml-4.6.5)" > https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 (lxml-4.6.5)< / a > < br > < a href = "https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8" > https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html" > https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-43818" > https://nvd.nist.gov/vuln/detail/CVE-2021-43818< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20220107-0005/" > https://security.netapp.com/advisory/ntap-20220107-0005/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5225-1" > https://ubuntu.com/security/notices/USN-5225-1< / a > < br > < a href = "https://www.debian.org/security/2022/dsa-5043" > https://www.debian.org/security/2022/dsa-5043< / a > < br > < / details > |
2021-12-07 22:59:37 +00:00
| pip | CVE-2021-28363 | MEDIUM | 20.3.4 | 21.1 | < details > < summary > Expand...< / summary > < a href = "https://github.com/advisories/GHSA-5phf-pp7p-vc2r" > https://github.com/advisories/GHSA-5phf-pp7p-vc2r< / a > < br > < a href = "https://github.com/pypa/advisory-db/tree/main/vulns/urllib3/PYSEC-2021-59.yaml" > https://github.com/pypa/advisory-db/tree/main/vulns/urllib3/PYSEC-2021-59.yaml< / a > < br > < a href = "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15" > https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15< / a > < br > < a href = "https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0" > https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0< / a > < br > < a href = "https://github.com/urllib3/urllib3/commits/main" > https://github.com/urllib3/urllib3/commits/main< / a > < br > < a href = "https://github.com/urllib3/urllib3/releases/tag/1.26.4" > https://github.com/urllib3/urllib3/releases/tag/1.26.4< / a > < br > < a href = "https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r" > https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-28363" > https://nvd.nist.gov/vuln/detail/CVE-2021-28363< / a > < br > < a href = "https://pypi.org/project/urllib3/1.26.4/" > https://pypi.org/project/urllib3/1.26.4/< / a > < br > < a href = "https://security.gentoo.org/glsa/202107-36" > https://security.gentoo.org/glsa/202107-36< / a > < br > < a href = "https://www.oracle.com/security-alerts/cpuoct2021.html" > https://www.oracle.com/security-alerts/cpuoct2021.html< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| pip | CVE-2021-3572 | MEDIUM | 20.3.4 | 21.1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/errata/RHSA-2021:3254" > https://access.redhat.com/errata/RHSA-2021:3254< / a > < br > < a href = "https://bugzilla.redhat.com/show_bug.cgi?id=1962856" > https://bugzilla.redhat.com/show_bug.cgi?id=1962856< / a > < br > < a href = "https://github.com/advisories/GHSA-5xp3-jfq3-5q8x" > https://github.com/advisories/GHSA-5xp3-jfq3-5q8x< / a > < br > < a href = "https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b" > https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b< / a > < br > < a href = "https://github.com/pypa/pip/pull/9827" > https://github.com/pypa/pip/pull/9827< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2021-3572.html" > https://linux.oracle.com/cve/CVE-2021-3572.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2021-4455.html" > https://linux.oracle.com/errata/ELSA-2021-4455.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-3572" > https://nvd.nist.gov/vuln/detail/CVE-2021-3572< / a > < br > < a href = "https://packetstormsecurity.com/files/162712/USN-4961-1.txt" > https://packetstormsecurity.com/files/162712/USN-4961-1.txt< / a > < br > < / details > |
| pip | pyup.io-42218 | UNKNOWN | 20.3.4 | 21.1 | < details > < summary > Expand...< / summary > < / details > |