HIGH🇬🇧 English

CVE-2017-7436

CVSS 8.1v3.0pub. 2018-03-01upd. 2024-11-21

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Opensuse Libzypp

    APP
    Opensuse
    ≤ 16.15.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-25707HIGH8.8ten sam produkt

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be ...

CVE-2018-7685HIGH7.8ten sam produkt

The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being lef...

CVE-2017-7435HIGH8.1ten sam produkt

In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that c...

CVE-2017-9269HIGH7.7ten sam produkt

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malici...

CVE-2019-18900MEDIUM4.0ten sam produkt

: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Serv...