13 matches found
openSUSE: Security Advisory for liferea (openSUSE-SU-2023:0096-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 37 : liferea (2023-1ba7a77530)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1ba7a77530 advisory. Security fix for CVE-2023-1350 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...
Fedora 38 : liferea (2023-5a91738e22)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5a91738e22 advisory. Security fix for CVE-2023-1350 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...
MGASA-2023-0103 Updated liferea packages fix security vulnerability
Remote code execution on feed enrichment. If "Extract full content from HTML5 and Google AMP" has been enabled for one or more feed subscriptions it is possible for a an attacker to inject a script command that runs with user priveleges. CVE-2023-1350...
Updated liferea packages fix security vulnerability
Remote code execution on feed enrichment. If "Extract full content from HTML5 and Google AMP" has been enabled for one or more feed subscriptions it is possible for a an attacker to inject a script command that runs with user priveleges. CVE-2023-1350...
CVE-2023-1350
A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...
DEBIAN-CVE-2023-1350
A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...
Command injection
A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...
CVE-2023-1350
A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...
CVE-2023-1350
CVE-2023-1350 affects Liferea’s update_job_run (src/update.c, Feed Enrichment). The input source parameter can be manipulated to execute OS commands (remote, no user interaction). Documents consistently state this leads to remote code execution and that a patch exists; Gentoo/GLSA and OpenSUSE/SU...
CVE-2023-1350 liferea Feed Enrichment update.c update_job_run os command injection
A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...
CVE-2023-1350
A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...
PT-2023-16918 · Liferea +2 · Liferea +2
Name of the Vulnerable Software and Affected Versions: liferea affected versions not specified Description: A critical issue has been found, affecting the function update job run of the file src/update.c in the component Feed Enrichment. The manipulation of the argument source with the input |dat...