3 matches found
CVE-2017-9271
CVE-2017-9271 affects the zypper commandline package update tool (libzypp) where HTTP proxy credentials can be written to logs, enabling local attackers to access proxy credentials. The CVE is discussed across multiple advisories and open vulnerability records. Public references in the provided d...
CVE-2008-3187
This CVE affects SUSE/openSUSE’s zypper/zypp-refresh-patches workflow. Specifically, in SUSE openSUSE 10.2, 10.3, and 11.0, the component does not prompt before accepting repository keys, allowing a remote repository to trigger a denial of service (package data corruption) via a spoofed key. The ...
CVE-2012-0420
The CVE-2012-0420 issue affects SUSE Zypper’s zypp-refresh-wrapper; local users could create files in arbitrary directories, or suffer other unspecified impact, via the ZYPP_LOCKFILE_ROOT environment variable. Affected versions include Zypper before 1.3.20 and 1.6.x before 1.6.166. The root cause...