CVE-2023-22643 – libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls
https://notcve.org/view.php?id=CVE-2023-22643
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. • https://bugzilla.suse.com/show_bug.cgi?id=1206836 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-18900 – libzypp stores cookies world readable
https://notcve.org/view.php?id=CVE-2019-18900
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1. Una vulnerabilidad de Permisos Predeterminados Incorrectos en libzypp de SUSE CaaS Platform versión 3.0, SUSE Linux Enterprise Server versión12, SUSE Linux Enterprise Server versión 15, permitió a atacantes locales leer un almacén de cookies utilizado por libzypp, exponiendo cookies privadas. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html https://bugzilla.suse.com/show_bug.cgi?id=1158763 https://lists.debian.org/debian-lts-announce/2020/03/msg00005.html • CWE-276: Incorrect Default Permissions •
CVE-2018-7685 – libzypp does not reevaluate malicious rpms once downloaded
https://notcve.org/view.php?id=CVE-2018-7685
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download. Los pasos de descarga e instalación desacoplados en libzypp en versiones anteriores a la 17.5.0 podría conducir a que un RPM corrupto se deje en la caché, en la que una llamada posterior no mostraría el aviso de RPM corrupto y permite la instalación. Este problema está provocado por avisos maliciosos que solo se muestran durante la descarga. • http://lists.suse.com/pipermail/sle-security-updates/2018-August/004510.html https://bugzilla.suse.com/show_bug.cgi?id=1091624 https://www.suse.com/de-de/security/cve/CVE-2018-7685 • CWE-347: Improper Verification of Cryptographic Signature CWE-358: Improperly Implemented Security Check for Standard •
CVE-2017-7436 – libzypp accepts unsigned packages even when configured to check signatures
https://notcve.org/view.php?id=CVE-2017-7436
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system. En libzypp, en versiones anteriores a la 20170803, fue posible recuperar paquetes no firmados sin avisar al usuario. Esto podía resultar en que un atacante Man-in-the-Middle (MitM) o servidores maliciosos inyectasen paquetes RPM maliciosos en el sistema de un usuario. • https://bugzilla.suse.com/show_bug.cgi?id=1038984 https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00002.html https://www.suse.com/de-de/security/cve/CVE-2017-7436 • CWE-20: Improper Input Validation •
CVE-2017-7435 – libzypp accepts unsigned 3rd party repo without warning
https://notcve.org/view.php?id=CVE-2017-7435
In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system. En libzypp, en versiones anteriores a la 20170803, fue posible añadir repositorios YUM no firmados sin avisar al usuario. Esto podía resultar en que un atacante Man-in-the-Middle (MitM) o servidores maliciosos inyectasen paquetes RPM maliciosos en el sistema de un usuario. • https://bugzilla.suse.com/show_bug.cgi?id=1009127 https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00002.html https://www.suse.com/de-de/security/cve/CVE-2017-7435 • CWE-20: Improper Input Validation •