CVE-2017-7435

🗓️ 01 Mar 2018 20:00:29Reported by microfocusType

Insecure handling of unsigned YUM repositories in libzypp <20170803

Reporter	Title	Published	Views	Family All 26
OSV	CVE-2017-7435	1 Mar 201820:29	–	osv
OSV	OPENSUSE-SU-2024:11019-1 libzypp-17.28.4-1.2 on GA media	15 Jun 202400:00	–	osv
NVD	CVE-2017-7435	1 Mar 201820:29	–	nvd
Prion	Design/Logic Flaw	1 Mar 201820:29	–	prion
Cvelist	CVE-2017-7435 libzypp accepts unsigned 3rd party repo without warning	1 Mar 201819:00	–	cvelist
UbuntuCve	CVE-2017-7435	1 Mar 201800:00	–	ubuntucve
Debian CVE	CVE-2017-7435	1 Mar 201820:29	–	debiancve
Tenable Nessus	SUSE SLED12 / SLES12 Security Update : libzypp (SUSE-SU-2017:2264-1)	28 Aug 201700:00	–	nessus
Tenable Nessus	openSUSE Security Update : libzypp (openSUSE-2017-989)	5 Sep 201700:00	–	nessus
Tenable Nessus	openSUSE Security Update : libzypp / zypper (openSUSE-2017-893)	10 Aug 201700:00	–	nessus

Nvd

Node

opensuse libzyppRange≤16.15.2

[
  {
    "product": "libzypp",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "20170803",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.suse.com/show_bug.cgi
suse	www.suse.com/de-de/security/cve/CVE-2017-7435/
lists	www.lists.opensuse.org/opensuse-security-announce/2017-08/msg00002.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

01 Mar 2018 20:29Current

6.4Medium risk

Vulners AI Score6.4

CVSS29.3

CVSS38.1

EPSS0.00159

CWE-20