Opensuse » Zypper : Security Vulnerabilities, CVEs,

CVE-2017-9271

The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
Max CVSS
4.0
EPSS Score
0.04%
Published
2018-03-01
Updated
2021-02-25

CVE-2012-0420

zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable.
Max CVSS
4.4
EPSS Score
0.04%
Published
2013-12-02
Updated
2013-12-03

CVE-2008-3187

zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key.
Max CVSS
5.0
EPSS Score
0.30%
Published
2008-07-21
Updated
2017-08-08
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close