GCVE - cpe:2.3:a:opensuse:osc:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:opensuse:osc:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Opensuse (`3380e48e-e718-5685-8ad0-092ef58910e5`)
Product	Osc (`1c2a0406-df62-52e2-a6c3-a1e61349dca6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/ubuntu/osc`	purl2cpe	2026-06-01 10:15:35.990202
`pkg:github/opensuse/osc`	purl2cpe	2026-06-01 10:15:35.990203
`pkg:pypi/osc`	purl2cpe	2026-06-01 10:15:35.990205

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-3681`	vulnerable	2026-06-03 14:40:26.747795	osc: stores downloaded (supposed) RPM in network-controlled filesystem paths HIGH (7.5) A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 . Published: 2020-06-29T12:00:16.969Z Updated: 2024-09-17T03:28:54.416Z Open on db.gcve.eu Reference links https://bugzilla.suse.com/show_bug.cgi?id=1122675	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1095`	vulnerable	2026-06-03 14:31:41.300145	Details available osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator. Published: 2014-02-06T16:00:00.000Z Updated: 2024-08-06T18:45:27.268Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2012/03/02/2 https://bugzilla.redhat.com/show_bug.cgi?id=798353 http://www.openwall.com/lists/oss-security/2012/02/28/15 https://bugzilla.novell.com/show_bug.cgi?id=749335 http://www.openwall.com/lists/oss-security/2012/02/28/9	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.