Suse Libzypp
4 CVEs affecting Suse Libzypp. Latest disclosed: 2018-08-31. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-7436 | High | 8.1 | 2018-03-01 | In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious serve… |
| CVE-2017-7435 | High | 8.1 | 2018-03-01 | In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious serve… |
| CVE-2018-7685 | High | 7.8 | 2018-08-31 | The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not disp… |
| CVE-2017-9269 | High | 7.7 | 2018-03-01 | In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to u… |