osc (SUSE:Linux Enterprise Software Development Kit 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Software Development Kit 12 SP5 package osc, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2019-3681 — CVSS 7.5 (high): A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux…
CVE-2019-3685 — CVSS 7.4 (high): Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary
CVE-2024-22034 — CVSS 5.5 (medium): Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the…