Lucene search
K

7 matches found

Debian
Debian
added 2019/10/07 11:14 a.m.61 views

[SECURITY] [DLA 1948-1] ruby-mini-magick security update

Package : ruby-mini-magick Version : 3.8.1-1+deb8u1 CVE ID : CVE-2019-13574 Debian Bug : 931932 In lib/minimagick/image.rb in ruby-mini-magick, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernelopen, which accepts a | charact...

7.8CVSS7.6AI score0.07639EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/07/15 12:0 a.m.20 views

Debian DSA-4481-1 : ruby-mini-magick - security update

Harsh Jaiswal discovered a remote shell execution vulnerability in ruby-mini-magick, a Ruby library providing a wrapper around ImageMagick or GraphicsMagick, exploitable when using MiniMagick::Image.open with specially crafted URLs coming from unsanitized user input. C Tenable Network Security,...

7.8CVSS7.6AI score0.07639EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2019/07/14 12:0 a.m.15 views

Debian: Security Advisory (DSA-4481-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.6AI score0.07639EPSS
Exploits1References4
Debian
Debian
added 2019/07/13 1:36 p.m.16 views

[SECURITY] [DSA 4481-1] ruby-mini-magick security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4481-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 13, 2019 https://www.debian.org/security/faq -...

6.8CVSS2AI score0.07639EPSS
Exploits1
Debian
Debian
added 2019/07/13 1:36 p.m.206 views

[SECURITY] [DSA 4481-1] ruby-mini-magick security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4481-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 13, 2019 https://www.debian.org/security/faq -...

7.8CVSS7.6AI score0.07639EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2019/07/12 3:15 a.m.23 views

CVE-2019-13574

In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernelopen, which accepts a '|' character followed by a command...

7.8CVSS7.3AI score0.07639EPSS
Exploits1References5
CVE
CVE
added 2019/07/12 2:31 a.m.380 views

CVE-2019-13574

The CVE concerns MiniMagick before 4.9.4: in lib/mini_magick/image.rb, a fetched remote image filename could be passed directly to Kernel.open, with the leading ‘|’ indicating a shell command, enabling remote command execution. Connected advisories confirm the issue is a remote command execution ...

7.8CVSS7.4AI score0.07639EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder