Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:3917
HistoryOct 19, 2021 - 12:05 p.m.

(RHSA-2021:3917) Important: Red Hat Quay v3.6.0 security, bug fix and enhancement update

2021-10-1912:05:33
access.redhat.com
22

0.017 Low

EPSS

Percentile

87.8%

JSON

Quay 3.6.0 release

Security Fix(es):

  • nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)

  • python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289)

  • nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516)

  • nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)

  • nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)

  • nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107)

  • nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492)

  • nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270)

  • nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)

  • nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)

  • nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)

  • nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

  • nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237)

  • urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)

  • python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654)

  • browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)

  • nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)

  • nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)

  • python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290)

  • python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291)

  • python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292)

  • python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)

  • nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515)

  • python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921)

  • python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922)

  • python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923)

  • python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552)

  • nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109)

  • lodash: Prototype pollution in utilities function (CVE-2018-3721)

  • hoek: Prototype pollution in utilities function (CVE-2018-3728)

  • lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266)

  • nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)

  • python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 61
ubuntu 3
openvas 45
osv 13
fedora 13
suse 3
gentoo 2
redhat 9
rocky 4
almalinux 3
oraclelinux 2
huntr 5
debiancve 2
cvelist 2
veracode 2
ubuntucve 3
github 2
photon 5
mageia 1
prion 3
f5 1
cve 2
nvd 1
redhatcve 2
alpinelinux 1
debian 1
cloudfoundry 1
amazon 1
archlinux 2
slackware 1
ibm 3
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Pillow vulnerabilities (USN-4763-1)
2021-03-23 00:00:00
Fedora 32 : python-pillow / python2-pillow (2021-0ece308612)
2021-03-15 00:00:00
Fedora 33 : mingw-python-pillow / python-pillow / python2-pillow (2021-15845d3abe)
2021-03-15 00:00:00
ubuntu
ubuntu
Pillow vulnerabilities
2021-03-11 00:00:00
Kerberos vulnerabilities
2023-03-16 00:00:00
Pillow vulnerabilities
2021-01-18 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4763-1)
2021-03-12 00:00:00
Fedora: Security Advisory for python-pillow (FEDORA-2021-15845d3abe)
2021-03-15 00:00:00
Fedora: Security Advisory for python-pillow (FEDORA-2021-0ece308612)
2021-03-15 00:00:00
osv
osv
pillow vulnerabilities
2021-03-11 14:56:28
Moderate: curl security update
2021-09-21 07:12:18
Moderate: python-pillow security update
2021-11-09 08:24:34
fedora
fedora
[SECURITY] Fedora 32 Update: python-pillow-7.0.0-7.fc32
2021-03-15 01:08:24
[SECURITY] Fedora 33 Update: python-pillow-7.2.0-5.fc33
2021-03-15 01:20:06
[SECURITY] Fedora 33 Update: mingw-python-pillow-7.2.0-5.fc33
2021-03-15 01:20:06
suse
suse
Security update for python-CairoSVG, python-Pillow (moderate)
2021-08-10 00:00:00
Security update for curl (moderate)
2021-07-21 00:00:00
Security update for curl (moderate)
2021-07-24 00:00:00
gentoo
gentoo
Pillow: Multiple vulnerabilities
2021-07-14 00:00:00
Pillow: Multiple vulnerabilities
2021-01-11 00:00:00
redhat
redhat
(RHSA-2021:3582) Moderate: curl security update
2021-09-21 07:12:18
(RHSA-2020:5179) Low: Red Hat Virtualization security, bug fix, and enhancement update
2020-11-24 12:30:25
(RHSA-2021:4149) Moderate: python-pillow security update
2021-11-09 08:24:34
rocky
rocky
python-pillow security update
2021-11-09 08:24:34
curl security update
2021-09-21 07:12:18
krb5 security update
2021-09-21 07:09:33
almalinux
almalinux
Moderate: curl security update
2021-09-21 07:12:18
Moderate: python-pillow security update
2021-11-09 08:24:34
Moderate: krb5 security update
2021-09-21 07:09:33
oraclelinux
oraclelinux
curl security update
2021-09-21 00:00:00
krb5 security update
2021-09-23 00:00:00
huntr
huntr
Open Redirect in ionicabizau/git-up
2021-07-10 13:51:54
Open Redirect in ionicabizau/parse-url
2021-07-10 14:13:37
Open Redirect in ionicabizau/parse-path
2021-07-08 08:08:33
debiancve
debiancve
CVE-2021-25289
2021-03-19 04:15:13
CVE-2018-16492
2019-02-01 18:29:01
cvelist
cvelist
CVE-2021-25289
2021-03-19 03:29:48
CVE-2018-16492
2019-02-01 18:00:00
veracode
veracode
Denial Of Service (DoS)
2021-03-22 04:44:22
Regular Expression Denial Of Service (ReDoS)
2018-08-30 06:08:10
ubuntucve
ubuntucve
CVE-2021-25289
2021-03-03 00:00:00
CVE-2018-16492
2019-02-01 00:00:00
CVE-2017-16138
2018-06-07 00:00:00
github
github
Out of bounds write in Pillow
2021-03-29 16:35:16
Prototype Pollution in extend
2019-02-07 18:03:28
photon
photon
Moderate Photon OS Security Update - PHSA-2021-0069
2021-07-25 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0273
2021-07-24 00:00:00
Moderate Photon OS Security Update - PHSA-2021-3.0-0273
2021-07-24 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2021-07-27 23:21:53
prion
prion
Heap overflow
2021-03-19 04:15:00
Buffer overflow
2019-02-01 18:29:00
Denial of service
2019-07-17 21:15:00
f5
f5
K14102355 : Python Pillow vulnerability CVE-2021-25289
2021-06-03 00:00:00
cve
cve
CVE-2021-25289
2021-03-19 04:15:13
CVE-2018-16492
2019-02-01 18:29:01
nvd
nvd
CVE-2021-25289
2021-03-19 04:15:13
redhatcve
redhatcve
CVE-2021-25289
2021-03-03 17:04:09
CVE-2018-16492
2019-02-04 20:50:30
alpinelinux
alpinelinux
CVE-2021-25289
2021-03-19 04:15:13
debian
debian
[SECURITY] [DLA 2716-1] pillow security update
2021-07-22 11:17:53
cloudfoundry
cloudfoundry
USN-5959-1: Kerberos vulnerabilities Severity | Cloud Foundry
2023-04-29 00:00:00
amazon
amazon
Medium: curl
2021-09-08 23:35:00
archlinux
archlinux
[ASA-202107-59] curl: multiple issues
2021-07-21 00:00:00
[ASA-202101-11] python-pillow: multiple issues
2021-01-12 00:00:00
slackware
slackware
[slackware-security] curl
2021-07-21 18:22:03
ibm
ibm
Security Bulletin: Vulnerability in Lodash affects IBM Process Mining (Multiple CVEs)
2023-02-01 21:43:34
Security Bulletin: Vulnerabilities in lodash library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744)
2022-06-27 03:53:54
Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities
2023-07-18 06:14:58

0.017 Low

EPSS

Percentile

87.8%

JSON
Related for RHSA-2021:3917
nessus61ubuntu3openvas45osv13fedora13suse3gentoo2redhat9rocky4almalinux3oraclelinux2huntr5debiancve2cvelist2veracode2ubuntucve3github2photon5mageia1prion3f51cve2nvd1redhatcve2alpinelinux1debian1cloudfoundry1amazon1archlinux2slackware1ibm3