251 matches found
openSUSE Security Update : obs-service-download_files / obs-service-extract_file / obs-service-recompress / etc (openSUSE-2016-247)
This update for a number of source services fixes the following issues : - boo967265: Various code/parameter injection issues could have allowed malicious service definition to execute commands or make changes to the user's file system The following source services are affected -...
Security update for obs-service-download_files, obs-service-extract_file, obs-service-recompress, obs-service-source_validator, obs-service-verify_file (important)
This update for a number of source services fixes the following issues: - boo967265: Various code/parameter injection issues could have allowed malicious service definition to execute commands or make changes to the user's file system The following source services are affected -...
lumiere.obs.coe.int XSS vulnerability
Vulnerable URL: http://lumiere.obs.coe.int/web/search/index.php?title=%22%3E%3Cscript%3Ealert%28%27XSSPOSED%27%29%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknow...
openSUSE Security Update : osc (openSUSE-2015-224)
osc was updated to fix a security issue and some non-security bugs. osc was updated to 0.151.0, fixing the following vulnerability : - fixed shell command injection via crafted service files CVE-2015-0778 boo901643 The following non-security bugs were fixed : - fix times when data comes from OBS...
Security update for osc (important)
osc was updated to fix a security issue and some non-security bugs. osc was updated to 0.151.0, fixing the following vulnerability: fixed shell command injection via crafted service files CVE-2015-0778 boo901643 The following non-security bugs were fixed: fix times when data comes from OBS backen...
Code injection
osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted 1 build log or 2 build status that contains an escape sequence for a terminal emulator...
CVE-2012-1095
osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted 1 build log or 2 build status that contains an escape sequence for a terminal emulator...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service OBS before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-0466
The CVE-2011-0466 affects SUSE openSUSE Build Service (OBS) versions 2.0.x before 2.0.8 and 2.1.x before 2.1.6. The issue allows attackers to bypass write-access restrictions and modify a (1) package or (2) project via unspecified vectors. Remediation per connected sources is to upgrade to the fi...
CVE-2011-0462
The CVE-2011-0462 entry covers multiple reflected XSS vulnerabilities in the login page of the SUSE/openSUSE Build Service (OBS) webui prior to version 2.1.6. Affected component: webui login page. Root cause details are not expanded beyond XSS in the provided documents, but the exploitation goal ...
CVE-2011-0466
The API in SUSE openSUSE Build Service OBS 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a 1 package or 2 project via unspecified vectors...