CVSS: 8.8EPSS: 3%CPEs: 24EXPL: 0CVE-2017-14500 – Ubuntu Security Notice USN-4585-1
https://notcve.org/view.php?id=CVE-2017-14500
17 Sep 2017 — Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904. No se neutralizan correctamente los elementos especiales utilizados en un comando de si... • http://openwall.com/lists/oss-security/2017/09/16/1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 1%CPEs: 23EXPL: 0CVE-2017-12904 – Ubuntu Security Notice USN-4585-1
https://notcve.org/view.php?id=CVE-2017-12904
23 Aug 2017 — Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. Una neutralización incorrecta de elementos especiales en un comando del sistema operativo en la función de marcado de Newsbeuter en sus versiones de la 0.7 hasta la 2.9 permite que atacantes remotos realicen una ejecución de código asistidos por... • http://www.debian.org/security/2017/dsa-3947 • CWE-943: Improper Neutralization of Special Elements in Data Query Logic •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 0CVE-2008-3907
https://notcve.org/view.php?id=CVE-2008-3907
04 Sep 2008 — The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL. El comando open-in-browser en newsbeuter versiones anteriores a 1.1 permite a atacantes remotos ejecutar comandos de su elección a través de metacaracteres de consola en una URL fuente. • http://newsbeuter.wordpress.com/2008/09/01/newsbeuter-11-released-contains-security-fix-please-upgrade • CWE-20: Improper Input Validation •