19 matches found
Ubuntu 16.04 LTS : Newsbeuter vulnerabilities (USN-4585-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4585-1 advisory. It was discovered that Newsbeuter didn't handle the command line input properly. An remote attacker could use it to ran remote code by crafting a special...
Ubuntu: Security Advisory (USN-4585-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4585-1: Newsbeuter vulnerabilities
It was discovered that Newsbeuter didn't handle the command line input properly. An remote attacker could use it to ran remote code by crafting a special input file. CVE-2017-12904 It was discovered that Newsbeuter didn't handle metacharacters in its filename properly. An remote attacker could us...
Security update for newsbeuter (important)
This update for newsbeuter fixes one issues. This security issue was fixed: - CVE-2017-14500: Improper Neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its...
openSUSE Security Update : newsbeuter (openSUSE-2018-92)
This update for newsbeuter fixes one issues. This security issue was fixed : - CVE-2017-14500: Improper Neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its...
openSUSE: Security Advisory for newsbeuter (openSUSE-SU-2018:0229-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] [DLA 1104-1] newsbeuter security update
Package : newsbeuter Version : 2.5-2+deb7u3 CVE ID : CVE-2017-14500 Debian Bug : 876004 It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure the podcast file, allowing a remote attacker to run an...
Debian DSA-3977-1 : newsbeuter - security update
It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure the podcast file, allowing a remote attacker to run an arbitrary shell command on the client machine. This is only exploitable if the file is...
[SECURITY] [DSA 3977-1] newsbeuter security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3977-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3977-1] newsbeuter security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3977-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2017 https://www.debian.org/security/faq -...
CVE-2017-14500
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure i.e., a podcast file that includes shell...
CVE-2017-14500
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure i.e., a podcast file that includes shell...
CVE-2017-14500
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure i.e., a podcast file that includes shell...
ALPINE-CVE-2017-14500
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure i.e., a podcast file that includes shell...
CVE-2017-14500
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure i.e., a podcast file that includes shell...
CVE-2017-14500
CVE-2017-14500 concerns Newsbeuter/Podbeuter: improper neutralization of shell metacharacters in a podcast enclosure filename within an RSS item can enable user-assisted remote code execution. Affected range: Newsbeuter 0.3–2.9; exploitation relies on crafting a feed item with a malicious filenam...
CVE-2017-14500
Removed by vendor...
CVE-2017-14500
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure i.e., a podcast file that includes shell...
[ASA-201709-11] newsbeuter: arbitrary command execution
Arch Linux Security Advisory ASA-201709-11 ========================================== Severity: High Date : 2017-09-16 CVE-ID : CVE-2017-12904 CVE-2017-14500 Package : newsbeuter Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-401 Summary ======= The...