Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-7436

Опубликовано: 01 мар. 2018
Источник: nvd
CVSS3: 8.1
CVSS2: 9.3
EPSS Низкий

Описание

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:opensuse:libzypp:*:*:*:*:*:*:*:*
Версия до 16.15.2 (включая)

EPSS

Процентиль: 66%
0.00521
Низкий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2017-7436

CVSS3: 8.1
ubuntu
почти 8 лет назад

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.

debian логотип

CVE-2017-7436

CVSS3: 8.1
debian
почти 8 лет назад

In libzypp before 20170803 it was possible to retrieve unsigned packag ...

suse-cvrf логотип

openSUSE-SU-2017:2370-1

suse-cvrf
больше 8 лет назад

Security update for libzypp, zypper

suse-cvrf логотип

SUSE-SU-2017:2344-1

suse-cvrf
больше 8 лет назад

Security update for libzypp, zypper

github логотип

GHSA-wf75-8v2m-5h2m

CVSS3: 8.1
github
больше 3 лет назад

In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.

EPSS

Процентиль: 66%
0.00521
Низкий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-20