111 matches found
Fedora: Security Advisory for liferea (FEDORA-2023-1ba7a77530)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-27591
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...
Design/Logic Flaw
Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...
Default configuration
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...
CVE-2023-27591
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...
CVE-2023-27591
CVE-2023-27591 affects Miniflux prior to v2.0.43. An unauthenticated user could retrieve Prometheus metrics from a publicly reachable Miniflux instance when the metrics collector is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (default). A patch is available in Miniflux v2.0.43. Wor...
CVE-2023-27591 Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...
CVE-2023-27592
Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...
CVE-2023-27592
Miniflux CVE-2023-27592 is a stored XSS affecting v2.0.25 and later via the image proxy path. When an outbound Go HTTP request fails, html.ServerError is returned unescaped and without the CSP header, enabling an attacker to craft an RSS item with an tag using a malicious srcset (e.g., http:a). ...
CVE-2023-27592 Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler
Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...
SUSE CVE-2017-5455
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR 52.1 and Firefox 53...
[SECURITY] Fedora 34 Update: newsboat-2.24-1.fc34
Newsboat is a fork of Newsbeuter, an RSS/Atom feed reader for the text consol e...
[SECURITY] Fedora 34 Update: newsflash-1.4.1-2.fc34
A modern feed reader designed for the GNOME desktop. NewsFlash is a program designed to complement an already existing web-based RSS reader account. It combines all the advantages of web based services like syncing across all your devices with everything you expect from a modern desktop program:...
Tiny Tiny RSS 安全漏洞
Tiny Tiny RSStt-rss,tt-rss is an open source based browser-based news feed reader and aggregator. Tiny Tiny RSS before 2021-03-12 A security vulnerability exists that allows an attacker to log in via OTP code without a valid password...
CVE-2019-6031
Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader...
Joomla Simple RSS Feed Reader mod_jw_srfr 3.6.0 Open Redirection
Exploit Title : Joomla Simple RSS Feed Reader modjwsrfr 3.6.0 Modules Open Redirect Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 14/01/2019 Vendor Homepage : joomlaworks.net Software Download Links : joomlaworks.net/downloads/?f=modjwsrfr-v3.6.0j2.5-3.x.zip...
CVE-2017-5455
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR 52.1 and Firefox 53...
CVE-2017-5455
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR 52.1 and Firefox 53...
Debian: Security Advisory (DLA-1104-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-3977-1 : newsbeuter - security update
It was discovered that podbeuter, the podcast fetcher in newsbeuter, a text-mode RSS feed reader, did not properly escape the name of the media enclosure the podcast file, allowing a remote attacker to run an arbitrary shell command on the client machine. This is only exploitable if the file is...