zypper (SUSE:Enterprise Storage 4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Enterprise Storage 4 package zypper, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2018-7685 — CVSS 7.8 (high): The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later…
CVE-2017-9269 — CVSS 7.7 (high): In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to…
CVE-2018-20532 — CVSS 6.5 (medium): There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a…
CVE-2018-20533 — CVSS 6.5 (medium): There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that…
CVE-2018-20534 — CVSS 6.5 (medium): There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third…