46 matches found

Debian
added 2026/02/01 3:25 a.m. | 9 views

[SECURITY] [DLA 4462-1] pillow security update

Debian LTS Advisory DLA-4462-1 [email protected]
https://www.debian.org/lts/security/ Daniel Leidert
February 01, 2026 https://wiki.debian.org/LTS

Package : pillow
Version : 8.1.2+dfsg-0.3+deb11u3
CVE ID : CVE-2021-23437 CVE-2022-24303 CVE-2022-45198

Multiple vulnerabilities have been...

CVSS 9.1 | AI score 6.7 | EPSS 0.02197
Exploits: 1

Tenable Nessus
added 2026/02/01 12:0 a.m. | 4 views

Debian dla-4462 : python-pil-doc - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4462 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4462-1 [email protected]...

CVSS 9.1 | AI score 5.6 | EPSS 0.02197
Exploits: 1 | References: 8

Circl
added 2025/07/22 10:0 a.m. | 1 views

CVE-2022-45198

creationtimestamp | type | source
---|---|---
2025-07-22 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-203-04...

CVSS 7.5 | AI score 7.3 | EPSS 0.00334
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/05 12:24 a.m. | 14 views

CVE-2024-45198

insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution...

CVSS 8.8 | AI score 8.4 | EPSS 0.0119
Exploits: 0 | References: 1

Circl
added 2025/04/03 9:6 p.m. | 3 views

CVE-2024-45198

creationtimestamp | type | source
---|---|---
2025-04-03 21:06:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3llwsmf6je42c
2025-04-03 23:36:29+00:00 | seen | https://t.me/cvedetector/22028...

CVSS 8.8 | AI score 4.8 | EPSS 0.0119
Exploits: 0 | References: 2

CVE
added 2025/04/03 12:0 a.m. | 45 views

CVE-2024-45198

The connected documents confirm a vulnerability in insightsoftware Spark JDBC 2.6.21 where malicious parameters injected into the JDBC URL can trigger a JNDI injection during the connection process, leading to remote code execution. The issue affects Spark JDBC driver behavior during URL handling...

CVSS 8.8 | AI score 8.5 | EPSS 0.0119
Exploits: 0 | References: 1

Cvelist
added 2025/04/03 12:0 a.m. | 7 views

CVE-2024-45198

insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution...

EPSS 0.0119
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/03 12:0 a.m. | 4 views

CVE-2024-45198

insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution...

AI score 8.5 | EPSS 0.0119
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-45198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). (CVE-2022-45198) Note that Nessus relies on the presence of the...

CVSS 7.5 | AI score 6.7 | EPSS 0.00334
Exploits: 0 | References: 2

OpenVAS
added 2025/02/25 12:0 a.m. | 4 views

openSUSE Security Advisory (SUSE-SU-2024:2908-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 6.9 | EPSS 0.00334
Exploits: 0 | References: 4

Tenable Nessus
added 2024/08/19 12:0 a.m. | 16 views

openSUSE 15 Security Update : python-Pillow (openSUSE-SU-2024:0253-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2024:0253-1 advisory. - CVE-2022-45198: Fixed improper handling of highly compressed GIF data (boo#1205416) Tenable has extracted the preceding description block directly from th...

CVSS 7.5 | AI score 6.8 | EPSS 0.00334
Exploits: 0 | References: 4

OpenVAS
added 2024/08/19 12:0 a.m. | 14 views

openSUSE Security Advisory (openSUSE-SU-2024:0253-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.7 | EPSS 0.00334
Exploits: 0 | References: 3

Tenable Nessus
added 2024/08/15 12:0 a.m. | 23 views

SUSE SLES15 / openSUSE 15 Security Update : python-Pillow (SUSE-SU-2024:2908-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2908-1 advisory. - CVE-2022-45198: Fixed improper handling of highly compressed GIF data (bsc#1205416) Tenable has extracted the preceding description block...

CVSS 7.5 | AI score 6.8 | EPSS 0.00334
Exploits: 0 | References: 4

Circl
added 2024/01/04 2:34 a.m. | 0 views

CVE-2023-45198

creationtimestamp | type | source
---|---|---
2024-01-04 02:34:14+00:00 | seen | https://t.me/arpsyndicate/2410...

CVSS 7.5 | AI score 7.3 | EPSS 0.00215
Exploits: 0 | References: 1

Tenable Nessus
added 2023/10/23 12:0 a.m. | 27 views

Ubuntu 20.04 ESM : Pillow vulnerabilities (USN-5777-2)

The remote Ubuntu 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5777-2 advisory. USN-5777-1 fixed vulnerabilities in Pillow Python 3. This update provides the corresponding updates for Pillow Python 2 in Ubuntu 20.04 LTS. Tenable has...

CVSS 9.1 | AI score 7.6 | EPSS 0.02197
Exploits: 0 | References: 3

NVD
added 2023/10/05 5:15 a.m. | 15 views

CVE-2023-45198

ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable...

CVSS 7.5 | AI score 7.6 | EPSS 0.00215
Exploits: 0 | References: 2

Cvelist
added 2023/10/05 12:0 a.m. | 22 views

CVE-2023-45198

ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable...

AI score 7.8 | EPSS 0.00215
Exploits: 0 | References: 2

CVE
added 2023/10/05 12:0 a.m. | 52 views

CVE-2023-45198

CVE-2023-45198 affects ftpd before NetBSD-ftpd 20230930 and tnftpd before 20231001, enabling leakage of host filesystem information prior to authentication via MLSD/MLST. Red Hat/EUVD entries corroborate the issue. Remediation is to upgrade to NetBSD-ftpd 20231001 or later (or apply equivalent ve...

CVSS 7.5 | AI score 7.5 | EPSS 0.00215
Exploits: 0 | References: 2 | Affected Software: 2

Tenable Nessus
added 2023/06/13 12:0 a.m. | 24 views

EulerOS Virtualization 3.0.6.0 : python-pillow (EulerOS-SA-2023-2245)

According to the versions of the python-pillow packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). (CVE-2022-45198) Note that...

CVSS 7.5 | AI score 6.7 | EPSS 0.00334
Exploits: 0 | References: 2

OpenVAS
added 2023/06/12 12:0 a.m. | 20 views

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2023-2245)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.7 | EPSS 0.00334
Exploits: 0 | References: 2