Vulnerabilidades em opensuse
79 resultadosCVE-2023-22643MEDIUMlibzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` callsEPSS 2.4%CVE-2019-18902HIGHwicked: Use-after-free when receiving invalid DHCP6 client optionsEPSS 2.4%CVE-2019-18903HIGHwicked: Use-after-free when receiving invalid DHCP6 IA_PD optionEPSS 2.4%CVE-2021-25315CRITICALsalt-api unauthenticated remote code executionEPSS 2.3%CVE-2014-0593HIGHsed command injectionEPSS 1.9%CVE-2018-12473LOWpath traversal in obs-service-tar_scmEPSS 1.8%CVE-2018-12479MEDIUMRequest controller allows to create requests with arbitrary request IDsEPSS 1.7%CVE-2019-18904MEDIUMMigrations requests can cause DoS on rmtEPSS 1.5%CVE-2018-12478MEDIUMobs-service-replace_using_package_version allows to specify arbitrary input filesEPSS 1.5%CVE-2019-3681HIGHosc: stores downloaded (supposed) RPM in network-controlled filesystem pathsEPSS 1.4%CVE-2018-12474MEDIUMCrafted service parameters allows to induce unexpected behaviour in obs-service-tar_scmEPSS 1.4%CVE-2011-3178HIGHopenbuildservice webui code injectionEPSS 1.3%CVE-2020-8021MEDIUMunauthorized read access to files where sourceaccess is disabled via a crafted _service file in Open Build ServiceEPSS 1.3%CVE-2018-7689HIGHOpen Build Service arbitrary package modificationEPSS 1.2%CVE-2018-12477LOWobs-service-refresh_patches can be tricked into deleting '..' or other unrelated directoriesEPSS 1.2%CVE-2017-5188MEDIUMOBS worker VM escape via relative symbolic linksEPSS 1.2%CVE-2018-7688HIGHOpen Build Service accepts arbitrary reviewsEPSS 1.1%CVE-2018-12476MEDIUMobs-service-extract_file's outfilename parameter allows to write files outside of package directoryEPSS 1.0%CVE-2022-46163HIGHtravel-support-program vulnerable to data exfiltration via Ransack query injectionEPSS 1.0%CVE-2013-3703HIGHNo write permission check in change_role commandEPSS 0.9%