Lucene search
K

8 matches found

F5 Networks
F5 Networks
added 2023/02/21 7:40 p.m.39 views

K73455417: obs-service-extract_file package vulnerability CVE-2016-4007

Security Advisory Description Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal...

10CVSS9.6AI score0.02474EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/05/11 12:0 a.m.5 views

The vulnerabilities of the operating systems OpenSUSE Leap and openSUSE allow attackers to execute arbitrary commands.

The multiple vulnerabilities of the obs-service-extractfile package in OpenSUSE Leap and OpenSUSE are related to code errors. Exploiting these vulnerabilities allows a malicious actor to remotely execute arbitrary commands by manipulating the service involved in executing “invalid functions”...

10CVSS8.2AI score0.02474EPSS
Exploits0References3Affected Software2
CNVD
CNVD
added 2016/04/16 12:0 a.m.3 views

Novell openSUSE Leap and openSUSE Arbitrary Command Execution Vulnerabilities

Novell openSUSE is a free Linux-based operating system. openSUSE Leap is a version of openSUSE. A security vulnerability in obs-service-extractfile in Novell openSUSE Leap and obs-service-extractfile in openSUSE allows local attackers to execute arbitrary commands...

10CVSS7.2AI score0.02474EPSS
Exploits0References1
NVD
NVD
added 2016/04/13 2:59 p.m.30 views

CVE-2016-4007

Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."...

10CVSS9.9AI score0.02474EPSS
Exploits0References5
Prion
Prion
added 2016/04/13 2:59 p.m.14 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."...

10CVSS7.9AI score0.02474EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2016/04/13 2:0 p.m.33 views

CVE-2016-4007

Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."...

9.9AI score0.02474EPSS
Exploits0References5
CVE
CVE
added 2016/04/13 2:0 p.m.52 views

CVE-2016-4007

CVE-2016-4007 affects the obs-service-extract_file package (and related source validator components) via code/parameter injection in service definitions (unzip with illegal options). Public advisories note the issue was fixed by OBS-related updates: openSUSE/SUSE security notices for obs-service-...

10CVSS9.7AI score0.02474EPSS
Exploits0References5Affected Software2
OPENSUSE Linux
OPENSUSE Linux
added 2016/02/20 1:11 p.m.24 views

Security update for obs-service-download_files, obs-service-extract_file, obs-service-recompress, obs-service-source_validator, obs-service-verify_file (important)

This update for a number of source services fixes the following issues: - boo967265: Various code/parameter injection issues could have allowed malicious service definition to execute commands or make changes to the user's file system The following source services are affected -...

4.2AI score
Exploits0
Rows per page
Query Builder