Lucene search
K

13 matches found

OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.12 views

openSUSE: Security Advisory for liferea (openSUSE-SU-2023:0096-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.8AI score0.02385EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/23 12:0 a.m.22 views

Fedora 37 : liferea (2023-1ba7a77530)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1ba7a77530 advisory. Security fix for CVE-2023-1350 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...

9.8CVSS7AI score0.02385EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/22 12:0 a.m.14 views

Fedora 38 : liferea (2023-5a91738e22)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5a91738e22 advisory. Security fix for CVE-2023-1350 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...

9.8CVSS7AI score0.02385EPSS
Exploits0References2
OSV
OSV
added 2023/03/18 10:16 p.m.5 views

MGASA-2023-0103 Updated liferea packages fix security vulnerability

Remote code execution on feed enrichment. If "Extract full content from HTML5 and Google AMP" has been enabled for one or more feed subscriptions it is possible for a an attacker to inject a script command that runs with user priveleges. CVE-2023-1350...

9.8CVSS9.7AI score0.02385EPSS
Exploits0References3
Mageia
Mageia
added 2023/03/18 10:16 p.m.29 views

Updated liferea packages fix security vulnerability

Remote code execution on feed enrichment. If "Extract full content from HTML5 and Google AMP" has been enabled for one or more feed subscriptions it is possible for a an attacker to inject a script command that runs with user priveleges. CVE-2023-1350...

9.8CVSS9.6AI score0.02385EPSS
Exploits0References2
NVD
NVD
added 2023/03/11 9:15 a.m.7 views

CVE-2023-1350

A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...

9.8CVSS8.4AI score0.02385EPSS
Exploits0References3
OSV
OSV
added 2023/03/11 9:15 a.m.2 views

DEBIAN-CVE-2023-1350

A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...

9.8CVSS6AI score0.02385EPSS
Exploits0References1
Prion
Prion
added 2023/03/11 9:15 a.m.15 views

Command injection

A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...

6.5CVSS9.8AI score0.02385EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2023/03/11 9:15 a.m.16 views

CVE-2023-1350

A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...

9.8CVSS6.2AI score0.02385EPSS
Exploits0References2
CVE
CVE
added 2023/03/11 8:20 a.m.62 views

CVE-2023-1350

CVE-2023-1350 affects Liferea’s update_job_run (src/update.c, Feed Enrichment). The input source parameter can be manipulated to execute OS commands (remote, no user interaction). Documents consistently state this leads to remote code execution and that a patch exists; Gentoo/GLSA and OpenSUSE/SU...

9.8CVSS8.2AI score0.02385EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/03/11 8:20 a.m.12 views

CVE-2023-1350 liferea Feed Enrichment update.c update_job_run os command injection

A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...

6.3CVSS6.1AI score0.02385EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2023/03/11 8:20 a.m.18 views

CVE-2023-1350

A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...

9.8CVSS7.1AI score0.02385EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/03/11 12:0 a.m.5 views

PT-2023-16918 · Liferea +2 · Liferea +2

Name of the Vulnerable Software and Affected Versions: liferea affected versions not specified Description: A critical issue has been found, affecting the function update job run of the file src/update.c in the component Feed Enrichment. The manipulation of the argument source with the input |dat...

9.8CVSS7.3AI score0.02385EPSS
Exploits0References25
Rows per page
Query Builder