cpe:/a:newsbeuter:newsbeuter:0.1.1 cpe:/a:newsbeuter:newsbeuter:0.2 cpe:/a:newsbeuter:newsbeuter:0.3 cpe:/a:newsbeuter:newsbeuter:0.4 cpe:/a:newsbeuter:newsbeuter:0.5 cpe:/a:newsbeuter:newsbeuter:0.6 cpe:/a:newsbeuter:newsbeuter:0.7 cpe:/a:newsbeuter:newsbeuter:0.8 cpe:/a:newsbeuter:newsbeuter:0.8.1 cpe:/a:newsbeuter:newsbeuter:0.8.2 cpe:/a:newsbeuter:newsbeuter:0.9 cpe:/a:newsbeuter:newsbeuter:0.9.1 cpe:/a:newsbeuter:newsbeuter:1.0 CVE-2008-3907 2008-09-04T13:41:00.000-04:00 2017-08-07T21:32:15.547-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-09-04T15:21:00.000-04:00 BID 30964 SECUNIA 31676 SECUNIA 31995 GENTOO GLSA-200809-12 MLIST [oss-security] 20080901 CVE id request: newsbeuter CONFIRM http://newsbeuter.wordpress.com/2008/09/01/newsbeuter-11-released-contains-security-fix-please-upgrade/ CONFIRM http://www.newsbeuter.org/downloads/CHANGES XF newsbeuter-url-command-execution(44791) The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL.