CRITICAL9.8CVE-2017-9269In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to sil…
from 0, < 17.3.1-1
HIGH8.1CVE-2017-7436In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middl…
from 0, < 17.3.1-1
HIGH8.1CVE-2017-7435In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middl…
from 0, < 17.3.1-1
HIGH7.8The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later…
from 0, < 17.6.1-1
LOW3.3libzypp - security update
from 0, < 17.25.5-2
LOW3.3libzypp - security update
from 0, < 14.29.1-2+deb8u1
LOW3.3The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxi…