Lucene search
K

19 matches found

Tenable Nessus
Tenable Nessus
added 2020/10/19 12:0 a.m.32 views

Ubuntu 16.04 LTS : Newsbeuter vulnerabilities (USN-4585-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4585-1 advisory. It was discovered that Newsbeuter didn't handle the command line input properly. An remote attacker could use it to ran remote code by crafting a special...

9.3CVSS8.3AI score0.06404EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2020/10/16 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-4585-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS8.8AI score0.06404EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2020/10/15 10:14 p.m.60 views

USN-4585-1: Newsbeuter vulnerabilities

It was discovered that Newsbeuter didn't handle the command line input properly. An remote attacker could use it to ran remote code by crafting a special input file. CVE-2017-12904 It was discovered that Newsbeuter didn't handle metacharacters in its filename properly. An remote attacker could us...

9.3CVSS8.2AI score0.06404EPSS
Exploits0
Veracode
Veracode
added 2020/05/10 11:27 p.m.23 views

OS Command Injection

newsbeuter is vulnerable to OS Command Injection. Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure i.e., a...

8.8CVSS5.4AI score0.06404EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/01/22 12:0 a.m.25 views

openSUSE Security Update : newsbeuter (openSUSE-2018-62)

This update for newsbeuter fixes one issues. This security issue was fixed : - CVE-2017-12904: Improper neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL bsc1054578...

9.3CVSS8.4AI score0.06404EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/01/21 12:0 a.m.22 views

openSUSE: Security Advisory for newsbeuter (openSUSE-SU-2018:0166-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.8AI score0.06404EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2018/01/20 6:19 p.m.43 views

Security update for newsbeuter (important)

This update for newsbeuter fixes one issues. This security issue was fixed: - CVE-2017-12904: Improper neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL bsc1054578...

9.3CVSS8.9AI score0.06404EPSS
Exploits0References1
CVE
CVE
added 2017/09/17 5:0 a.m.111 views

CVE-2017-14500

CVE-2017-14500 concerns Newsbeuter/Podbeuter: improper neutralization of shell metacharacters in a podcast enclosure filename within an RSS item can enable user-assisted remote code execution. Affected range: Newsbeuter 0.3–2.9; exploitation relies on crafting a feed item with a malicious filenam...

8.8CVSS8.8AI score0.03078EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2017/09/17 5:0 a.m.20 views

CVE-2017-14500

Removed by vendor...

8.8CVSS8.7AI score0.03078EPSS
Exploits0
ArchLinux
ArchLinux
added 2017/09/16 12:0 a.m.23 views

[ASA-201709-11] newsbeuter: arbitrary command execution

Arch Linux Security Advisory ASA-201709-11 ========================================== Severity: High Date : 2017-09-16 CVE-ID : CVE-2017-12904 CVE-2017-14500 Package : newsbeuter Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-401 Summary ======= The...

9.3CVSS2.9AI score0.06404EPSS
Exploits0References10
OSV
OSV
added 2017/08/23 2:29 p.m.22 views

CVE-2017-12904

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...

8.8CVSS9AI score
Exploits0References5
NVD
NVD
added 2017/08/23 2:29 p.m.11 views

CVE-2017-12904

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...

9.3CVSS8.9AI score0.06404EPSS
Exploits0References5
CVE
CVE
added 2017/08/23 2:0 p.m.113 views

CVE-2017-12904

Newsbeuter is affected by CVE-2017-12904 in the bookmarking function (versions 0.7–2.9). A remote attacker could cause user‑assisted code execution by crafting an RSS item containing shell code in the title/URL. Remediation across advisories involves upgrading Newsbeuter to a newer release (e.g.,...

9.3CVSS8.8AI score0.06404EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2017/08/23 2:0 p.m.41 views

CVE-2017-12904

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...

8.9AI score0.06404EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2017/08/23 2:0 p.m.12 views

CVE-2017-12904

Removed by vendor...

9.3CVSS8.7AI score0.06404EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2017/08/23 2:0 p.m.39 views

CVE-2017-12904

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...

9.3CVSS9AI score0.06404EPSS
Exploits0
ArchLinux
ArchLinux
added 2017/08/20 12:0 a.m.23 views

[ASA-201708-15] newsbeuter: arbitrary code execution

Arch Linux Security Advisory ASA-201708-15 ========================================== Severity: High Date : 2017-08-20 CVE-ID : CVE-2017-12904 Package : newsbeuter Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-384 Summary ======= The package newsbeuter...

9.3CVSS2.2AI score0.06404EPSS
Exploits0References4
Debian
Debian
added 2017/08/18 2:41 p.m.25 views

[SECURITY] [DSA 3947-1] newsbeuter security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3947-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 18, 2017 https://www.debian.org/security/faq -...

9.3CVSS2.9AI score0.06404EPSS
Exploits0
Debian
Debian
added 2017/08/18 2:41 p.m.24 views

[SECURITY] [DSA 3947-1] newsbeuter security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3947-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 18, 2017 https://www.debian.org/security/faq -...

9.3CVSS8.7AI score0.06404EPSS
Exploits0
Rows per page
Query Builder