Vulnerabilities > Opensuse > Open Build Service > 2.9.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-03 | CVE-2022-21949 | XXE vulnerability in Opensuse Open Build Service A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. | 9.0 |
| 2022-03-09 | CVE-2021-36777 | Unspecified vulnerability in Opensuse Open Build Service A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. | 8.8 |
| 2021-02-11 | CVE-2020-8031 | Cross-site Scripting vulnerability in Opensuse Open Build Service A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. | 3.5 |
| 2020-05-19 | CVE-2020-8021 | Improper Privilege Management vulnerability in multiple products a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5. | 4.3 |
| 2020-05-13 | CVE-2020-8020 | Cross-site Scripting vulnerability in multiple products A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. | 4.3 |
| 2018-08-01 | CVE-2018-12466 | Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Open Build Service openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. | 6.5 |