15 matches found

Snyk
added 2026/02/04 8:48 p.m., 2 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection in values including series paths, patch filenames, and numeric parameters, which are read from patch.yaml. An attacker who can control inputs to this file can cause shell commands to be run on the build host by injecti...

8.5 CVSS, 5.6 AI score, 0.00011 EPSS
Exploits 0, References 2
OpenVAS
added 2025/12/17 12:0 a.m., 2 views

Fedora: Security Advisory (FEDORA-2025-eb0eab6793)

The remote host is missing an update for the...

9.8 CVSS, 6.5 AI score, 0.02175 EPSS
Exploits 3, References 6
Fedora
added 2025/11/05 2:13 a.m., 4 views

[SECURITY] Fedora 43 Update: python-uv-build-0.9.5-1.fc43

This package is a slimmed down version of uv containing only the build backend...

8.1 CVSS, 6.9 AI score, 0.00017 EPSS
Exploits 1
OpenVAS
added 2025/03/17 12:0 a.m., 3 views

SUSE: Security Advisory (SUSE-SU-2025:0857-1)

The remote host is missing an update for the...

7.3 CVSS, 6.5 AI score, 0.00033 EPSS
Exploits 0, References 5
GithubExploit
added 2023/04/12 8:46 p.m., 276 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

Tippa My Tongue: Tippa My Tongue is an exploit that uses CVE-2...

9.8 CVSS, 9.9 AI score, 0.94456 EPSS
Exploits 70
OpenVAS
added 2021/06/09 12:0 a.m., 13 views

SUSE: Security Advisory (SUSE-SU-2019:0387-1)

The remote host is missing an update for the...

9.9 CVSS, 5.7 AI score, 0.00431 EPSS
Exploits 0, References 2
CNVD
added 2018/03/05 12:0 a.m., 1 views

Unspecified Vulnerability in Micro Focus openSUSE

Micro Focus openSUSE is a Linux-based free operating system from Micro Focus in the UK. openSUSE Leap is a version of openSUSE. A security vulnerability exists in the build package of Micro Focus openSUSE Leap, which stems from the program's failure to validate directory names. An attacker could...

9.9 CVSS, 6.9 AI score, 0.00431 EPSS
Exploits 0, References 1
NVD
added 2018/03/01 8:29 p.m., 12 views

CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system, allowing escape out of buildroots...

9.9 CVSS, 9.3 AI score, 0.00431 EPSS
Exploits 0, References 3
Prion
added 2018/03/01 8:29 p.m., 15 views

Design/Logic Flaw

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system, allowing escape out of buildroots...

5 CVSS, 5.1 AI score, 0.00431 EPSS
Exploits 0, References 3, Affected Software 2
OSV
added 2018/03/01 8:29 p.m., 0 views

UBUNTU-CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system, allowing escape out of buildroots...

9.9 CVSS, 6.8 AI score, 0.00431 EPSS
Exploits 0, References 3
OSV
added 2018/03/01 8:29 p.m., 1 views

DEBIAN-CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system, allowing escape out of buildroots...

5.3 CVSS, 7.1 AI score, 0.00431 EPSS
Exploits 0, References 1
UbuntuCve
added 2018/03/01 8:29 p.m., 19 views

CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system, allowing escape out of buildroots...

9.9 CVSS, 6.8 AI score, 0.00431 EPSS
Exploits 0, References 2
CVE
added 2018/03/01 7:0 p.m., 120 views

CVE-2017-14804

Summary (CVE-2017-14804): The vulnerability affects the build package prior to 20171128, which fails to validate directory names during extraction of build results, enabling writes outside the target buildroot. This is documented in multiple sources (OpenSUSE SUSE announcements, OSS updates, and...

9.9 CVSS, 5.9 AI score, 0.00431 EPSS
Exploits 0, References 3, Affected Software 1
Debian CVE
added 2018/03/01 7:0 p.m., 17 views

CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system, allowing escape out of buildroots...

9.9 CVSS, 7.3 AI score, 0.00431 EPSS
Exploits 0
OSV
added 2017/12/08 12:54 p.m., 5 views

SUSE-SU-2017:3253-1 Fixing security issues on OBS toolchain

This OBS toolchain update fixes the following issues:
Package 'build':
- CVE-2010-4226: force use of bsdtar for VMs bnc665768
- CVE-2017-14804: Improve file name check extractbuild bsc1069904
- switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit to foo-32bit-debuginfo fate32321...

9.9 CVSS, 8.8 AI score, 0.00549 EPSS
Exploits 0, References 9