---
hide:
- toc
---
# Security Overview
## Helm-Chart
##### Scan Results
#### Chart Object: headphones/templates/common.yaml
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Expand...
The container should drop all default capabilities and add only those that are needed for its execution.
Container 'RELEASE-NAME-headphones' of Deployment 'RELEASE-NAME-headphones' should add 'ALL' to 'securityContext.capabilities.drop' Expand...
https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
Expand...
'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.
Container 'RELEASE-NAME-headphones' of Deployment 'RELEASE-NAME-headphones' should set 'securityContext.runAsNonRoot' to true Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
Expand...
'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.
Container 'autopermissions' of Deployment 'RELEASE-NAME-headphones' should set 'securityContext.runAsNonRoot' to true Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
Expand...
It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.
Container 'RELEASE-NAME-headphones' of Deployment 'RELEASE-NAME-headphones' should specify an image tag Expand...
https://kubernetes.io/docs/concepts/configuration/overview/#container-images
https://avd.aquasec.com/appshield/ksv013
Expand...
It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.
Container 'autopermissions' of Deployment 'RELEASE-NAME-headphones' should specify an image tag Expand...
https://kubernetes.io/docs/concepts/configuration/overview/#container-images
https://avd.aquasec.com/appshield/ksv013
Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'RELEASE-NAME-headphones' of Deployment 'RELEASE-NAME-headphones' should set 'securityContext.readOnlyRootFilesystem' to true Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'autopermissions' of Deployment 'RELEASE-NAME-headphones' should set 'securityContext.readOnlyRootFilesystem' to true Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
Expand...
A program inside the container can bypass Seccomp protection policies.
Container 'RELEASE-NAME-headphones' of Deployment 'RELEASE-NAME-headphones' should specify a seccomp profile Expand...
https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/
https://avd.aquasec.com/appshield/ksv019
Expand...
A program inside the container can bypass Seccomp protection policies.
Container 'autopermissions' of Deployment 'RELEASE-NAME-headphones' should specify a seccomp profile Expand...
https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/
https://avd.aquasec.com/appshield/ksv019
Expand...
Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.
Container 'RELEASE-NAME-headphones' of Deployment 'RELEASE-NAME-headphones' should set 'securityContext.runAsUser' > 10000 Expand...
https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
Expand...
Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.
Container 'autopermissions' of Deployment 'RELEASE-NAME-headphones' should set 'securityContext.runAsUser' > 10000 Expand...
https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
Expand...
Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.
Container 'RELEASE-NAME-headphones' of Deployment 'RELEASE-NAME-headphones' should set 'securityContext.runAsGroup' > 10000 Expand...
https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
Expand...
Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.
Container 'autopermissions' of Deployment 'RELEASE-NAME-headphones' should set 'securityContext.runAsGroup' > 10000 Expand...
https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
Expand...
Containers should be forbidden from running with a root primary or supplementary GID.
Deployment 'RELEASE-NAME-headphones' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0 Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
https://github.com/advisories/GHSA-77gc-v2xv-rvvh
https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-25287
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288
https://github.com/advisories/GHSA-rwv7-3v45-hg29
https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-25288
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289
https://github.com/advisories/GHSA-57h3-9rgr-c24m
https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c
https://nvd.nist.gov/vuln/detail/CVE-2021-25289
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4763-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552
https://github.com/advisories/GHSA-7534-mm45-c74v
https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
https://nvd.nist.gov/vuln/detail/CVE-2021-34552
https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
https://pillow.readthedocs.io/en/stable/releasenotes/index.html
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379
https://github.com/advisories/GHSA-8843-m7mw-mxqm
https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac
https://github.com/python-pillow/Pillow/commits/master/src/libImaging
https://github.com/python-pillow/Pillow/pull/4538
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
https://nvd.nist.gov/vuln/detail/CVE-2020-10379
https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577
https://ubuntu.com/security/notices/USN-4430-2
https://usn.ubuntu.com/4430-2/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538
https://github.com/advisories/GHSA-43fq-w8qq-v88h
https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security
https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d
https://github.com/python-pillow/Pillow/pull/4504
https://github.com/python-pillow/Pillow/pull/4538
https://linux.oracle.com/cve/CVE-2020-11538.html
https://linux.oracle.com/errata/ELSA-2020-3185.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
https://nvd.nist.gov/vuln/detail/CVE-2020-11538
https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
https://pillow.readthedocs.io/en/stable/releasenotes/index.html
https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574
https://ubuntu.com/security/notices/USN-4430-1
https://ubuntu.com/security/notices/USN-4430-2
https://usn.ubuntu.com/4430-1/
https://usn.ubuntu.com/4430-2/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653
https://github.com/advisories/GHSA-f5g8-5qq7-938w
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
https://nvd.nist.gov/vuln/detail/CVE-2020-35653
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
https://pillow.readthedocs.io/en/stable/releasenotes/index.html
https://ubuntu.com/security/notices/USN-4697-1
https://ubuntu.com/security/notices/USN-4697-2
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654
https://github.com/advisories/GHSA-vqcj-wrf2-7v73
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
https://nvd.nist.gov/vuln/detail/CVE-2020-35654
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
https://pillow.readthedocs.io/en/stable/releasenotes/index.html
https://ubuntu.com/security/notices/USN-4697-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437
https://github.com/advisories/GHSA-98vv-pw6r-q6q4
https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/
https://nvd.nist.gov/vuln/detail/CVE-2021-23437
https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290
https://github.com/advisories/GHSA-8xjq-8fcg-g5hw
https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa
https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
https://nvd.nist.gov/vuln/detail/CVE-2021-25290
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4763-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291
https://github.com/advisories/GHSA-mvg9-xffr-p774
https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a
https://nvd.nist.gov/vuln/detail/CVE-2021-25291
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4763-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293
https://github.com/advisories/GHSA-p43w-g3c5-g5mq
https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9
https://nvd.nist.gov/vuln/detail/CVE-2021-25293
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4763-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921
https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
https://nvd.nist.gov/vuln/detail/CVE-2021-27921
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
https://ubuntu.com/security/notices/USN-4763-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922
https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
https://nvd.nist.gov/vuln/detail/CVE-2021-27922
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
https://ubuntu.com/security/notices/USN-4763-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923
https://github.com/advisories/GHSA-95q3-8gr9-gm8w
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
https://nvd.nist.gov/vuln/detail/CVE-2021-27923
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
https://ubuntu.com/security/notices/USN-4763-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676
https://github.com/advisories/GHSA-7r7m-5h27-29hp
https://github.com/python-pillow/Pillow/pull/5377
https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28676
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677
https://github.com/advisories/GHSA-q5hq-fp76-qmrc
https://github.com/python-pillow/Pillow/pull/5377
https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28677
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177
https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
https://github.com/python-pillow/Pillow/commits/master/src/libImaging
https://github.com/python-pillow/Pillow/pull/4503
https://github.com/python-pillow/Pillow/pull/4538
https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
https://nvd.nist.gov/vuln/detail/CVE-2020-10177
https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573
https://ubuntu.com/security/notices/USN-4430-1
https://ubuntu.com/security/notices/USN-4430-2
https://ubuntu.com/security/notices/USN-4697-2
https://usn.ubuntu.com/4430-1/
https://usn.ubuntu.com/4430-2/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378
https://github.com/advisories/GHSA-3xv8-3j54-hgrp
https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml
https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac
https://github.com/python-pillow/Pillow/commits/master/src/libImaging
https://github.com/python-pillow/Pillow/pull/4538
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
https://nvd.nist.gov/vuln/detail/CVE-2020-10378
https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
https://ubuntu.com/security/notices/USN-4430-1
https://ubuntu.com/security/notices/USN-4430-2
https://usn.ubuntu.com/4430-1/
https://usn.ubuntu.com/4430-2/
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994
https://github.com/advisories/GHSA-vj42-xq3r-hr3r
https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security
https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4
https://github.com/python-pillow/Pillow/commits/master/src/libImaging/
https://github.com/python-pillow/Pillow/pull/4505
https://github.com/python-pillow/Pillow/pull/4538
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
https://nvd.nist.gov/vuln/detail/CVE-2020-10994
https://pillow.readthedocs.io/en/stable/releasenotes/
https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575
https://ubuntu.com/security/notices/USN-4430-1
https://ubuntu.com/security/notices/USN-4430-2
https://usn.ubuntu.com/4430-1/
https://usn.ubuntu.com/4430-2/
Expand...
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
http://seclists.org/fulldisclosure/2020/Nov/33
https://bugs.chromium.org/p/project-zero/issues/detail?id=2103
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
https://crbug.com/1139963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
https://github.com/advisories/GHSA-pv36-h7jh-qm62
https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62
https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
https://linux.oracle.com/cve/CVE-2020-15999.html
https://linux.oracle.com/errata/ELSA-2020-4952.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/
https://nvd.nist.gov/vuln/detail/CVE-2020-15999
https://security.gentoo.org/glsa/202011-12
https://security.gentoo.org/glsa/202012-04
https://ubuntu.com/security/notices/USN-4593-1
https://ubuntu.com/security/notices/USN-4593-2
https://www.debian.org/security/2021/dsa-4824
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-15999
https://www.nuget.org/packages/CefSharp.Common/
https://www.nuget.org/packages/CefSharp.WinForms
https://www.nuget.org/packages/CefSharp.Wpf
https://www.nuget.org/packages/CefSharp.Wpf.HwndHost
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35655
https://github.com/advisories/GHSA-hf64-x4gq-p99h
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
https://nvd.nist.gov/vuln/detail/CVE-2020-35655
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
https://pillow.readthedocs.io/en/stable/releasenotes/index.html
https://ubuntu.com/security/notices/USN-4697-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292
https://github.com/advisories/GHSA-9hx2-hgq2-2g4f
https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c
https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4
https://nvd.nist.gov/vuln/detail/CVE-2021-25292
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4763-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675
https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28675
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678
https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
https://github.com/python-pillow/Pillow/pull/5377
https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28678
https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
https://security.gentoo.org/glsa/202107-33
https://ubuntu.com/security/notices/USN-4963-1
Expand...
https://github.com/advisories/GHSA-jgpv-4h4c-xhw3
https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3
Expand...
https://github.com/advisories/GHSA-5phf-pp7p-vc2r
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15
https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0
https://github.com/urllib3/urllib3/commits/main
https://github.com/urllib3/urllib3/releases/tag/1.26.4
https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28363
https://pypi.org/project/urllib3/1.26.4/
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
Expand...
https://access.redhat.com/errata/RHSA-2021:3254
https://bugzilla.redhat.com/show_bug.cgi?id=1962856
https://github.com/advisories/GHSA-5xp3-jfq3-5q8x
https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b
https://github.com/pypa/pip/pull/9827
https://linux.oracle.com/cve/CVE-2021-3572.html
https://linux.oracle.com/errata/ELSA-2021-4455.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3572
https://packetstormsecurity.com/files/162712/USN-4961-1.txt
Expand...