| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-21949 | Multiple XXE vulnerabilities in OBS | SUSE | Open Build Service | High | 8.8 | 2022-05-03 07:50:09 | Deep Dive |
| CVE-2020-8031 | obs: Stored XSS | openSUSE | Open Build Service | Medium | 6.3 | 2021-02-11 15:10:16 | Deep Dive |
| CVE-2018-12475 | obs-service-download_files allows downloading from localhost or intranet hosts | openSUSE | Open Build Service | Medium | 6.5 | 2020-09-01 11:55:12 | Deep Dive |
| CVE-2020-8021 | unauthorized read access to files where sourceaccess is disabled via a crafted _service file in Open Build Service | openSUSE | Open Build Service | Medium | 5.3 | 2020-05-19 14:25:19 | Deep Dive |
| CVE-2020-8020 | Persistent XSS in markdown parser used by obs-server | openSUSE | open-build-service | Medium | 6.5 | 2020-05-13 14:50:13 | Deep Dive |
| CVE-2019-3685 | Missing TLS certificate validation for HTTPS connections in osc | Open Build Service | Open Build Service | High | 7.4 | 2019-11-05 09:30:41 | Deep Dive |
| CVE-2018-12477 | obs-service-refresh_patches can be tricked into deleting '..' or other unrelated directories | openSUSE | Open Build Service | High | - | 2018-10-09 13:00:00 | Deep Dive |
| CVE-2018-12479 | Request controller allows to create requests with arbitrary request IDs | openSUSE | Open Build Service | High | - | 2018-10-09 13:00:00 | Deep Dive |
| CVE-2018-12478 | obs-service-replace_using_package_version allows to specify arbitrary input files | openSUSE | Open Build Service | Medium | - | 2018-10-09 13:00:00 | Deep Dive |
| CVE-2018-12474 | Crafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm | openSUSE | Open Build Service | Critical | - | 2018-10-09 13:00:00 | Deep Dive |
| CVE-2018-12473 | path traversal in obs-service-tar_scm | openSUSE | Open Build Service | High | - | 2018-10-02 15:00:00 | Deep Dive |
| CVE-2011-4183 | open build service allows anyone to upload rpms | SUSE | open build service | Critical | - | 2018-06-13 13:00:00 | Deep Dive |
| CVE-2011-4181 | open build service information leak via unauthorized source access | SUSE | open build service | High | - | 2018-06-11 15:00:00 | Deep Dive |
| CVE-2014-0594 | CSRF protection incorrectly disabled | openSUSE | Open Build Service | High | - | 2018-06-08 17:00:00 | Deep Dive |
| CVE-2013-3703 | No write permission check in change_role command | openSUSE | Open Build Service | Medium | - | 2018-06-08 17:00:00 | Deep Dive |
| CVE-2018-7688 | Open Build Service accepts arbitrary reviews | openSUSE | Open Build Service | Medium | - | 2018-06-07 13:00:00 | Deep Dive |
| CVE-2018-7689 | Open Build Service arbitrary package modification | openSUSE | Open Build Service | Medium | - | 2018-06-07 13:00:00 | Deep Dive |
| CVE-2015-0796 | open build service source server symlink exploitation via source patch | SUSE | open build service | High | - | 2018-03-02 20:00:00 | Deep Dive |
| CVE-2017-9268 | open-build-service retrigger / wipebinaries hitting the wrong project bypassing access permissions | SUSE | open build service | Medium | - | 2018-03-01 19:00:00 | Deep Dive |
| CVE-2017-5188 | OBS worker VM escape via relative symbolic links | openSUSE | open build service | High | - | 2018-03-01 19:00:00 | Deep Dive |