Filtered by vendor Suse Subscriptions
Filtered by product Libzypp Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-44941 1 Suse 1 Libzypp 2026-07-07 8.4 High
A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.
CVE-2026-25707 1 Suse 1 Libzypp 2026-06-29 8.8 High
A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.
CVE-2026-44942 1 Suse 1 Libzypp 2026-06-24 6.5 Medium
A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.