libzypp 安全漏洞

Libzypp is a package manager developed by OpenSUSE. There is a security vulnerability in Libzypp, which arises when the chroot target is the system root directory. This vulnerability allows for traversing paths with root privileges, enabling execution of host binary files...

EUVD-2019-8581

Malware in sbrugna...

CVE-2013-3704

The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a...

CVE-2019-18900

: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp version...

Novell libzypp Security Bypass Vulnerability

libzypp also known as ZYPP is the U.S. Novell-sponsored open source set of manageable engines, drivers eg: Linux applications YaST, Zypper tools. A security vulnerability exists in libzypp. An attacker can exploit this vulnerability to bypass security restrictions and perform unauthorized...