HIGH🇵🇱 Wersja polska

CVE-2017-7436

CVSS 8.1v3.0pub. 2018-03-01upd. 2024-11-21

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Opensuse Libzypp

    APP
    Opensuse
    ≤ 16.15.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-25707HIGH8.8ten sam produkt

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be ...

CVE-2018-7685HIGH7.8ten sam produkt

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being lef...

CVE-2017-7435HIGH8.1ten sam produkt

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that c...

CVE-2017-9269HIGH7.7ten sam produkt

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malici...

CVE-2019-18900MEDIUM4.0ten sam produkt

: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Serv...