Vulnerabilities > Opensuse > Open Build Service > 2.10.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-03 | CVE-2022-21949 | XXE vulnerability in Opensuse Open Build Service A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. | 9.0 |
| 2022-03-09 | CVE-2021-36777 | Unspecified vulnerability in Opensuse Open Build Service A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. | 8.8 |
| 2020-05-13 | CVE-2020-8020 | Cross-site Scripting vulnerability in multiple products A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. | 4.3 |
| 2018-08-01 | CVE-2018-12466 | Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Open Build Service openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. | 6.5 |