229 matches found
CVE-2019-3685
Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary...
CVE-2019-3685
Open Build Service osc client did not validate TLS certificates for HTTPS connections before version 0.165.4. Affected components: osc binary used by Open Build Service. Impact: potential trust/security risk due to improper TLS validation (CVSS data in sources indicates high severity). Remediatio...
Open Build Service Input Validation Vulnerability
Open Build Service OBS is a general purpose system for building and distributing software packages from source code in an automated, consistent and repeatable manner. Open Build Service 51a17c553b6ae2598820b7a90fd0c11502a49106 An input validation vulnerability exists in previous versions of...
UBUNTU-CVE-2018-12479
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df...
DEBIAN-CVE-2018-12479
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df...
CVE-2018-12474
Improper input validation in obs-service-tarscm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to...
CVE-2018-12479
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df...
Input validation
Improper input validation in obs-service-tarscm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to...
CVE-2018-12478
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown...
CVE-2018-12477
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refreshpatches to delete them. Affected releases are openSUSE Open Build Service: versions prior to...
Input validation
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df...
Design/Logic Flaw
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refreshpatches to delete them. Affected releases are openSUSE Open Build Service: versions prior to...
Input validation
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown...
CVE-2018-12478
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown...
CVE-2018-12474
Improper input validation in obs-service-tarscm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to...
CVE-2018-12477
A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refreshpatches to delete them. Affected releases are openSUSE Open Build Service: versions prior to...
CVE-2018-12479
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df...
CVE-2018-12479
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df...
CVE-2018-12479 Request controller allows to create requests with arbitrary request IDs
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df...
CVE-2018-12478 obs-service-replace_using_package_version allows to specify arbitrary input files
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown...