Vulnerabilities > Opensuse > Open Build Service > 2.1.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-03 | CVE-2022-21949 | Unspecified vulnerability in Opensuse Open Build Service A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. | 8.8 |
| 2022-03-09 | CVE-2021-36777 | Unspecified vulnerability in Opensuse Open Build Service A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. | 8.8 |
| 2021-02-11 | CVE-2020-8031 | Unspecified vulnerability in Opensuse Open Build Service A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. | 5.4 |
| 2020-05-19 | CVE-2020-8021 | a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5. | 5.3 |
| 2020-05-13 | CVE-2020-8020 | A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. | 6.1 |
| 2018-10-09 | CVE-2018-12479 | Improper Input Validation vulnerability in Opensuse Open Build Service A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. | 7.5 |
| 2018-08-01 | CVE-2018-12467 | Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Open Build Service Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689. | 6.5 |
| 2018-08-01 | CVE-2018-12466 | Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Open Build Service openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. | 6.5 |
| 2018-06-13 | CVE-2011-4183 | Unrestricted Upload of File with Dangerous Type vulnerability in Opensuse Open Build Service A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. | 9.8 |
| 2018-06-11 | CVE-2011-4181 | Improper Input Validation vulnerability in Opensuse Open Build Service A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. | 7.5 |