Lucene search
K
OpensuseLibzypp

7 matches found

CVE
CVE
added 2020/01/24 3:15 p.m.155 views

CVE-2019-18900

CVE-2019-18900 affects libzypp in SUSE CaaS Platform 3.0 and SUSE Linux Enterprise Server 12/15, where an incorrect default-permissions issue could allow local attackers to read a cookie store used by libzypp and expose private cookies. Affected versions include: SUSE CaaS Platform 3.0 libzypp &l...

4CVSS3.4AI score0.00301EPSS
CVE
CVE
added 2018/03/01 7:0 p.m.87 views

CVE-2017-7435

CVE-2017-7435 affects libzypp (before 20170803). The issue allows adding unsigned YUM repositories without user warning, creating a vector for man‑in‑the‑middle or malicious servers to inject unsigned RPMs. Connected advisories show the fix being addressed in SUSE’s libzypp/zypper security update...

9.3CVSS6.4AI score0.01843EPSS
CVE
CVE
added 2018/03/01 7:0 p.m.83 views

CVE-2017-7436

CVE-2017-7436 concerns a flaw in libzypp prior to 20170803 where unsigned packages could be retrieved without a user warning, enabling potential MITM or malicious servers to inject RPMs. The impact described in the accompanying advisories is high (CVE-2017-7436) with risk to package integrity and...

9.3CVSS8.7AI score0.01843EPSS
CVE
CVE
added 2018/03/01 7:0 p.m.83 views

CVE-2017-9269

CVE-2017-9269 affects libzypp; before Aug 2018 GPG keys attached to YUM repositories were not properly pinned, allowing malicious mirrors to downgrade to unsigned repos with potentially malicious content. The issue originates from improper key pinning rather than repository signing verification. ...

9.8CVSS6.6AI score0.0229EPSS
CVE
CVE
added 2018/08/31 3:0 p.m.78 views

CVE-2018-7685

The CVE-2018-7685 issue affects libzypp (and related components) used by openSUSE/SUSE packaging. Description: decoupled download and installation steps in libzypp before 17.5.0 could leave a corrupted RPM in the cache, and a subsequent installation could proceed without displaying the corrupted ...

7.8CVSS5.5AI score0.00286EPSS
CVE
CVE
added 2026/06/29 10:4 a.m.51 views

CVE-2026-25707

Summary of vulnerability (CVE-2026-25707) : A relative path traversal in libzypp’s repository metadata processing (prior to version 17.38.10) could allow remote repository authors to overwrite local files, potentially leading to denial of service or privilege escalation. Connected advisories indi...

8.8CVSS5.8AI score0.006EPSS
CVE
CVE
added 2026/07/02 3:19 p.m.47 views

CVE-2026-44941

CVE-2026-44941: libzypp path traversal via the keyhint option in repomd.xml parsing was fixed in libzypp 17.38.13. The issue allowed a malicious repository to inject/overwrite files as root due to treating keyhint as a path. The remediation is to upgrade libzypp components (and related libsolv/li...

8.8CVSS5.8AI score0.00533EPSS