Vulnerabilities > Opensuse > Libzypp > 16.20.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-24 | CVE-2019-18900 | Incorrect Default Permissions vulnerability in Opensuse Libzypp : Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. | 3.3 |
| 2018-08-31 | CVE-2018-7685 | Improper Verification of Cryptographic Signature vulnerability in Opensuse Libzypp The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download. | 7.8 |