19 matches found
Ubuntu 16.04 LTS : Newsbeuter vulnerabilities (USN-4585-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4585-1 advisory. It was discovered that Newsbeuter didn't handle the command line input properly. An remote attacker could use it to ran remote code by crafting a special...
Ubuntu: Security Advisory (USN-4585-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4585-1: Newsbeuter vulnerabilities
It was discovered that Newsbeuter didn't handle the command line input properly. An remote attacker could use it to ran remote code by crafting a special input file. CVE-2017-12904 It was discovered that Newsbeuter didn't handle metacharacters in its filename properly. An remote attacker could us...
OS Command Injection
newsbeuter is vulnerable to OS Command Injection. Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure i.e., a...
openSUSE Security Update : newsbeuter (openSUSE-2018-62)
This update for newsbeuter fixes one issues. This security issue was fixed : - CVE-2017-12904: Improper neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL bsc1054578...
openSUSE: Security Advisory for newsbeuter (openSUSE-SU-2018:0166-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for newsbeuter (important)
This update for newsbeuter fixes one issues. This security issue was fixed: - CVE-2017-12904: Improper neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL bsc1054578...
CVE-2017-14500
CVE-2017-14500 concerns Newsbeuter/Podbeuter: improper neutralization of shell metacharacters in a podcast enclosure filename within an RSS item can enable user-assisted remote code execution. Affected range: Newsbeuter 0.3–2.9; exploitation relies on crafting a feed item with a malicious filenam...
CVE-2017-14500
Removed by vendor...
[ASA-201709-11] newsbeuter: arbitrary command execution
Arch Linux Security Advisory ASA-201709-11 ========================================== Severity: High Date : 2017-09-16 CVE-ID : CVE-2017-12904 CVE-2017-14500 Package : newsbeuter Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-401 Summary ======= The...
CVE-2017-12904
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...
CVE-2017-12904
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...
CVE-2017-12904
Newsbeuter is affected by CVE-2017-12904 in the bookmarking function (versions 0.7–2.9). A remote attacker could cause user‑assisted code execution by crafting an RSS item containing shell code in the title/URL. Remediation across advisories involves upgrading Newsbeuter to a newer release (e.g.,...
CVE-2017-12904
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...
CVE-2017-12904
Removed by vendor...
CVE-2017-12904
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...
[ASA-201708-15] newsbeuter: arbitrary code execution
Arch Linux Security Advisory ASA-201708-15 ========================================== Severity: High Date : 2017-08-20 CVE-ID : CVE-2017-12904 Package : newsbeuter Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-384 Summary ======= The package newsbeuter...
[SECURITY] [DSA 3947-1] newsbeuter security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3947-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 18, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3947-1] newsbeuter security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3947-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 18, 2017 https://www.debian.org/security/faq -...