23 matches found
EUVD-2011-0482
Malware in sbrugna...
EUVD-2011-0486
Malware in sbrugna...
EUVD-2021-23362
Malware in sbrugna...
CVE-2011-0466
The API in SUSE openSUSE Build Service OBS 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a 1 package or 2 project via unspecified vectors...
CVE-2011-0462
Multiple cross-site scripting XSS vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service OBS before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
SUSE CVE-2011-0462
Multiple cross-site scripting XSS vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service OBS before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
SUSE CVE-2021-36777
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service...
CVE-2021-36777
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service...
Security feature bypass
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service...
CVE-2021-36777 login-proxy sends password to attacker-provided domain
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service...
CVE-2021-36777
CVE-2021-36777 affects openSUSE Build service login-proxy-scripts (pre-dc000cdfe9b9b715fb92195b1a57559362f689ef). The issue is a vulnerability in the login-proxy that relies on untrusted inputs, allowing an attacker to present a user with the expected login form and then have clear-text credentia...
PT-2022-10548 · Opensuse · Opensuse Build Service Login-Proxy-Scripts
Name of the Vulnerable Software and Affected Versions: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef Description: A Reliance on Untrusted Inputs in a Security Decision issue in the login proxy of the openSUSE Build service allows attackers t...
CVE-2018-7688
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions...
[SECURITY] Fedora 27 Update: osc-source_validator-0.10-1.fc27
This is a source service for openSUSE Build Service. This service runs all checks as required by openSUSE:Factory project. This can be used to guarantee that all checks succeed also on the service side. This plugin can be used via project wide defined services...
[SECURITY] Fedora 26 Update: osc-source_validator-0.10-1.fc26
This is a source service for openSUSE Build Service. This service runs all checks as required by openSUSE:Factory project. This can be used to guarantee that all checks succeed also on the service side. This plugin can be used via project wide defined services...
[SECURITY] Fedora 24 Update: obs-signd-2.2.1-8.fc24
The OpenSUSE Build Service sign client and daemon. This daemon can be used to sign anything via gpg by communicating with a remote server to avoid the need to host the private key on the same server...
[SECURITY] Fedora 23 Update: obs-signd-2.2.1-8.fc23
The OpenSUSE Build Service sign client and daemon. This daemon can be used to sign anything via gpg by communicating with a remote server to avoid the need to host the private key on the same server...
[SECURITY] Fedora 20 Update: osc-0.151.1-163.2.1.fc20
Commandline client for the openSUSE Build Service. See http://en.opensuse.org/openSUSE:OSC , as well as http://en.opensuse.org/openSUSE:BuildServiceTutorial for a general introduction...
[SECURITY] Fedora 22 Update: osc-0.151.1-163.2.1.fc22
Commandline client for the openSUSE Build Service. See http://en.opensuse.org/openSUSE:OSC , as well as http://en.opensuse.org/openSUSE:BuildServiceTutorial for a general introduction...
CVE-2011-0462
Multiple cross-site scripting XSS vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service OBS before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...