16 matches found

Tenable Nessus
added 2026/02/23 12:0 a.m. | 5 views

RHEL 7 : ImageMagick (RHSA-2026:3058)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3058 advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fixes...

9.8 CVSS | 6.3 AI score | 0.00114 EPSS
Exploits: 2 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-15419

Malware in sbrugna...

7.5 CVSS | 7.5 AI score | 0.00277 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-16903

Malware in sbrugna...

6 CVSS | 6 AI score | 0.00032 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-44051

Malicious code in bioql PyPI...

5.4 CVSS | 5.7 AI score | 0.0046 EPSS
Exploits: 0 | References: 2
Veracode
added 2024/03/18 5:57 a.m. | 7 views

Insecure Variable Substitution

github.com/go-vela/cli is vulnerable to Insecure Variable Substitution. The vulnerability arises due to the unexpected behavior of variable substitution combined with insensitive fields like parameters, image, and entrypoint. This allows for bypassing log masking and exposing secrets without usin...

7.3 AI score
Exploits: 0
CNNVD
added 2023/11/14 12:0 a.m. | 1 views

vantage6 Data Falsification Issue Vulnerability

vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. A security vulnerability exists in vantage6 versions prior to 4.1.2 that stems from the fact that nodes do not check to see if they are allowed to run images if...

8.8 CVSS | 6.7 AI score | 0.00325 EPSS
Exploits: 0 | References: 4
The Hacker News
added 2023/04/05 12:36 p.m. | 2 views

Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks

An unknown threat actor used a malicious self-extracting archive (SFX) file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software...

7.3 AI score
Exploits: 0
Fedora
added 2022/04/28 5:53 a.m. | 27 views

[SECURITY] Fedora 35 Update: golang-github-appc-spec-0.8.11-13.fc35

This package contains schema definitions and tools for the App Container (appc) specification. These include technical details on how an appc image is downloaded over a network, cryptographically verified, and executed on a host. See SPEC.md for details of the specification itself...

7.5 CVSS | 10 AI score | 0.00089 EPSS
Exploits: 0
Cvelist
added 2021/09/08 1:47 p.m. | 20 views

CVE-2021-30779

This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing a maliciously crafted image may lead to arbitrary code execution...

7.6 AI score | 0.00898 EPSS
Exploits: 0 | References: 4
Debian CVE
added 2019/07/12 2:31 a.m. | 35 views

CVE-2019-13574

In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...

7.8 CVSS | 7.7 AI score | 0.29121 EPSS
Exploits: 1
OSV
added 2019/06/03 7:29 p.m. | 18 views

CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8 CVSS | 7.8 AI score | 0.00509 EPSS
Exploits: 0 | References: 3
Veracode
added 2017/11/08 4:50 a.m. | 6 views

Arbitrary File Upload

Intelliants/subrion is vulnerable to arbitrary file upload. The application doesn't restrict the type of files which can be uploaded as a profile image. These files may be executed when the profile is rendered...

6.8 AI score
Exploits: 0
OSV
added 2017/03/21 4:59 p.m. | 2 views

CVE-2017-5565

Code injection vulnerability in Trend Micro Maximum Security 11.0 and earlier, Internet Security 11.0 and earlier, and Antivirus+ Security 11.0 and earlier allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a...

6.7 CVSS | 5.9 AI score
Exploits: 0 | References: 5
OSV
added 2017/03/21 4:59 p.m. | 2 views

CVE-2017-5566

Code injection vulnerability in AVG Ultimate 17.1 and earlier, AVG Internet Security 17.1 and earlier, and AVG AntiVirus FREE 17.1 and earlier allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any AVG process via a "DoubleAgent" attack...

6.7 CVSS | 5.9 AI score
Exploits: 0 | References: 3
OSV
added 2017/03/21 4:59 p.m. | 1 views

CVE-2017-5567

Code injection vulnerability in Avast Premier 12.3 and earlier, Internet Security 12.3 and earlier, Pro Antivirus 12.3 and earlier, and Free Antivirus 12.3 and earlier allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process...

6.7 CVSS | 5.9 AI score
Exploits: 0 | References: 3
Ubuntu
added 2005/01/19 2:0 a.m. | 54 views

USN-62-1: imagemagick vulnerability

Andrei Nigmatulin discovered a potential buffer overflow in the PhotoShop Document image decoding function of ImageMagick. Decoding a malicious PSD image which specifies more than the allowed 24 channels might result in execution of arbitrary code with the user's privileges. Since ImageMagick can...

7.5 CVSS | 6.2 AI score | 0.03499 EPSS
Exploits: 1