CVE-2026-39958
oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named "Topic Manifests" (mirror/debs/manifest/topics.json) from remote repository servers, registering them as APT source entries. However, the name field in said...
CVE-2026-39958 oma-topic: name Field in Topic Manifests (topic.json) May Allow CRLF Injection
oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named "Topic Manifests" (mirror/debs/manifest/topics.json) from remote repository servers, registering them as APT source entries. However, the name field in said...
CVE-2026-39958
The CVE concerns oma, the package manager for AOSC OS. Before version 1.25.2, oma-topics fetched metadata for Topic Manifests from remote repositories and registered them as APT sources. The name field in that metadata was not validated for transliteration, allowing a malicious manifest to lead t...
PT-2026-31657
oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named "Topic Manifests" (mirror/debs/manifest/topics.json) from remote repository servers, registering them as APT source entries. However, the name field in said...
Malicious code in cocoapod (RubyGems)
EUVD-2024-19638
Malicious code in bioql PyPI...
CVE-2024-22034
Attackers could put the special files in .osc into the actual package sources e.g. apiurl. This allows the attacker to change the configuration of osc for the victim...
DEBIAN-CVE-2024-22034
Attackers could put the special files in .osc into the actual package sources e.g. apiurl. This allows the attacker to change the configuration of osc for the victim...
UBUNTU-CVE-2024-22034
Attackers could put the special files in .osc into the actual package sources e.g. apiurl. This allows the attacker to change the configuration of osc for the victim...
CVE-2024-22034
CVE-2024-22034 is a real vulnerability affecting the osc component across multiple Linux distributions (e.g., Fedora, TencentOS/腾讯OS Server 4, Debian/OSV references). The issue allows attackers to drop special files (notably in .osc, e.g., _apiurl) into actual package sources, enabling modificati...
CVE-2024-22034 Crafted projects can overwrite special files in the .osc config directory
Attackers could put the special files in .osc into the actual package sources e.g. apiurl. This allows the attacker to change the configuration of osc for the victim...
SUSE CVE-2024-22034
Attackers could put the special files in .osc into the actual package sources e.g. apiurl. This allows the attacker to change the configuration of osc for the victim...
PT-2024-19168 · Osc +2
Name of the Vulnerable Software and Affected Versions: osc (affected versions not specified). Description: The issue allows attackers to manipulate the configuration of osc by injecting special files in .osc into the actual package sources, such as apiurl. This enables the attacker to alter the osc...
USN-5220-1 composer vulnerability
It was discovered that Composer did not properly sanitize URLs for Mercurial repositories in the root composer.json and package source download URLs. A remote attacker could possibly use this issue to execute arbitrary code...