Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
OpensuseLibzypp

3 matches found

CVE
CVEadded 2018/03/01 8:29 p.m.69 views

CVE-2017-7436

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.

9.3CVSS8.7AI score0.00627EPSS
CVE
CVEadded 2018/03/01 8:29 p.m.67 views

CVE-2017-7435

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.

9.3CVSS6.4AI score0.00627EPSS
CVE
CVEadded 2018/03/01 8:29 p.m.63 views

CVE-2017-9269

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.

9.8CVSS6.6AI score0.00325EPSS