Lucene search
K

33 matches found

Amazon
Amazon
added 2024/02/05 12:0 a.m.6 views

Important: python-pillow

Issue Overview: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter. CVE-2023-50447 Affected Packages: python-pillow Note: This advisory is applicable to Amaz...

9.8CVSS7.4AI score0.03399EPSS
Exploits0
Amazon
Amazon
added 2024/02/05 12:0 a.m.47 views

Important: python-pillow

Issue Overview: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter. CVE-2023-50447 Affected Packages: python-pillow Note: This advisory is applicable to Amaz...

9.8CVSS9.2AI score0.03399EPSS
Exploits0
Mageia
Mageia
added 2024/01/30 8:57 p.m.75 views

Updated python-pillow packages fix a security vulnerability

This update fixes the following security issue: Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter This is a different vulnerability than CVE-2022-22817 which was about the expression parameter...

8.1CVSS7.8AI score0.01703EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/01/30 12:0 a.m.4 views

The vulnerability of the eval() function in the ImageMath module of the Pillow library allows a hacker to execute arbitrary code.

The vulnerability of the eval function in the ImageMath module of the Pillow library relates to improper code generation during the processing of the environment parameter. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

8.1CVSS7.3AI score0.01703EPSS
Exploits0References16Affected Software5
OSV
OSV
added 2024/01/26 11:6 a.m.2 views

OESA-2024-1098 python-pillow security update

Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging \ Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. %package -n python3-pillow Summary: Python 3 image processing library Provides: python3-imaging = -...

8.1CVSS7.5AI score0.01703EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/01/23 2:46 a.m.2 views

SUSE CVE-2023-50447

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...

8.4CVSS8.6AI score0.01703EPSS
Exploits0References8
OSV
OSV
added 2024/01/19 8:15 p.m.1 views

DEBIAN-CVE-2023-50447

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...

8.1CVSS7AI score0.01703EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/01/19 8:15 p.m.4 views

CVE-2023-50447

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...

9.8CVSS6.9AI score0.03399EPSS
Exploits0References7
OSV
OSV
added 2024/01/19 8:15 p.m.8 views

UBUNTU-CVE-2023-50447

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...

8.1CVSS6.9AI score0.01703EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2024/01/19 8:15 p.m.39 views

CVE-2023-50447

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...

8.1CVSS6.9AI score0.01703EPSS
Exploits0References7
OSV
OSV
added 2024/01/19 12:0 a.m.53 views

CVE-2023-50447

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...

8.1CVSS7AI score0.01703EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/01/19 12:0 a.m.5 views

Pillow Security Breach

Pillow is a Python based image processing library. A security vulnerability exists in Pillow 10.1.0 and earlier versions, which can be exploited to execute arbitrary code via the environment parameter in PIL.ImageMath.eval...

8.1CVSS6.9AI score0.01703EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2023/12/10 12:0 a.m.2 views

PT-2023-8447

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 10.2.0 Description The issue is related to the incorrect management of code generation in the eval function of the ImageMath module in the Pillow library when processing the environment parameter. This can allow a remo...

9.3CVSS7.6AI score0.01703EPSS
Exploits0References89
Rows per page
Query Builder