CVE-2016-4007 — Leap vulnerability

2 documents2 sources

Severity

9.8CRITICALNVD

EPSS

1.3%

top 20.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Leap Opensuse

Timeline

PublishedApr 13

Latest updateMay 14

Description

Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

Patches

Patch: build.opensuse.org ↗Patch: build.opensuse.org ↗

🔴Vulnerability Details

GHSA

GHSA-9rh7-7vch-gx4m: Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0↗2022-05-14

▶