suse · CVE-2017-7435

Quick triage

Priority: medium · Published: 2021-05-30 13:54:35 UTC · Updated: 2026-04-18 09:08:41 UTC


Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-7435, severity moderate. SUSE lists 299 source package names (0.9.1:libzypp-16.15.3-2.3.1, 1.0.0:libzypp-16.15.3-2.3.1, …) and 367 product×package rows across 91 product lines (Container caasp/v4/default-http-backend, Container caasp/v4/dnsmasq-nanny, …): Fixed 188, Known Affected 157, Known Not Affected 22.

Description:

In libzypp before 20170803, it was possible to add unsigned YUM repositories without any warning to the user, which could allow a man-in-the-middle attacker or a malicious server to inject malicious RPM packages into a user's system.

cvelogic Threat Intelligence