zypper (SUSE:Linux Enterprise Server 12 SP2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP2 package zypper, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2017-7435 — CVSS 8.1 (high): In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the…
CVE-2017-7436 — CVSS 8.1 (high): In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the…
CVE-2017-9269 — CVSS 7.7 (high): In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to…