414 matches found
macOS PackageKit ZSH Environment Privilege Escalation
This module exploits CVE-2024-27822, a vulnerability in macOS PackageKit.framework where PKG installer scripts using a ZSH shebang !/bin/zsh are executed as root while inheriting the installing user's environment. This causes ZSH to load the user's /.zshenv with root privileges before the install...
OESA-2026-2689 PackageKit security update
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API. Security Fixes: A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of th...
Updated packagekit packages fix security vulnerability
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root. CVE-2026-41651...
MGASA-2026-0180 Updated packagekit packages fix security vulnerability
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root. CVE-2026-41651...
ROS-20260609-73-0005
The vulnerability of the PackageKit package manager is related to synchronization errors when using a shared resource “Race Condition”. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the system with root privileges...
RHEL 7 : PackageKit (RHSA-2026:22146)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22146 advisory. PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architectu...
CVE-2026-10294
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
RockyLinux 10 : PackageKit (RLSA-2026:19141)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19141 advisory. PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 Tenable has extracted the preceding description block...
SUSE CVE-2026-10294
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
Linux Distros Unpatched Vulnerability : CVE-2026-10294
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such...
RHSA-2026:22146 Red Hat Security Advisory: PackageKit security update
Bulletin has no description...
EUVD-2026-33818
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-10294
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
DEBIAN-CVE-2026-10294
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
UBUNTU-CVE-2026-10294
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-10294
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-10294 PackageKit API pk-transaction.c g_file_test improper authorization
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-10294 PackageKit API pk-transaction.c g_file_test improper authorization
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-10294
A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-10294
CVE-2026-10294 affects PackageKit up to 1.3.5. The vulnerable component is the API function g_file_test in src/pk-transaction.c. Manipulation of the argument frontend-socket leads to improper authorization. The issue can be exploited remotely, and the exploit has been disclosed publicly and may b...