
CVE-2024-22038 – DoS attacks, information leaks etc. with crafted Git repositories in obs-scm-bridge
https://notcve.org/view.php?id=CVE-2024-22038
28 Nov 2024 — Various problems in obs-scm-bridge allow attackers who create specially crafted git repositories to leak information or cause denial of service. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22038 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2022-45155 – obs-service-go_modules: arbitrary directory delete
https://notcve.org/view.php?id=CVE-2022-45155
15 Mar 2023 — An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1. • https://bugzilla.suse.com/show_bug.cgi?id=1201138 • CWE-755: Improper Handling of Exceptional Conditions

CVE-2021-32000 – clone-master-clean-up: dangerous file system operations
https://notcve.org/view.php?id=CVE-2021-32000
28 Jul 2021 — A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-u... • https://bugzilla.suse.com/show_bug.cgi?id=1181050 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2018-12476 – obs-service-extract_file's outfilename parameter allows to write files outside of package directory
https://notcve.org/view.php?id=CVE-2018-12476
27 Jan 2020 — Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. • https://bugzilla.suse.com/show_bug.cgi?id=1107944 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal

CVE-2019-18898 – trousers: Local privilege escalation from tss to root
https://notcve.org/view.php?id=CVE-2019-18898
23 Jan 2020 — UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers to escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00066.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')