Authentication flaw

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system...

CVE-2018-1106

CVE-2018-1106 affects PackageKit prior to 1.1.10. The vulnerability is an authentication bypass that allows a non-administrative user to install signed packages, enabling local privilege escalation and potential system compromise by installing vulnerable packages. Public advisories (various OS ve...

CVE-2018-1106

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system...

CVE-2018-1106

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system...

CVE-2018-1106

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system...

SUSE-SU-2018:1047-1 Security update for PackageKit

CVE-2018-1106: Drop the polkit rule which could allow users in wheel group to install packages without root password bsc1086936...

openSUSE Security Update : libzypp / zypper (openSUSE-2017-893)

The Software Update Stack was updated to receive fixes and enhancements. libzypp : Security issues fixed : - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 Bug fixes : - Re-probe on refresh if the...

Security update for libzypp, zypper (important)

The Software Update Stack was updated to receive fixes and enhancements. libzypp: Security issues fixed: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. bsc1045735, bsc1038984 Bug fixes: - Re-probe on refresh if the repository...

Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the PackageKit-lang package of the openSUSE operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by malicious individuals who have completed the...

Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the PackageKit-debugsource package of the openSUSE operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by malicious individuals who have completed t...

Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the PackageKit-devel package of the openSUSE operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by a malicious individual who has completed the...

Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the PackageKit package of the openSUSE operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by malicious individuals who have completed the...

Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the PackageKit-debuginfo package of the openSUSE operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by malicious individuals who have completed the...

openSUSE Security Update : PackageKit (openSUSE-SU-2013:0889-1)

The PackageKit zypp backend was fixed to only allow patches to be updated. Otherwise a regular user could install new packages or even downgrade older packages to ones with security problems. CVE-2013-1764 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package check...

openSUSE Security Update : PackageKit (openSUSE-SU-2013:0381-1)

PackageKit was fixed to add a patch to forbid update to downgrade bnc804983 As the update operation is allowed for logged in regular users, they could install old package versions which might have been still affected by already fixed security problems. %NASLMINLEVEL 70300 C Tenable Network...

CVE-2013-1764

The Zypper aka zypp backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method...

Design/Logic Flaw

The Zypper aka zypp backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method...

CVE-2013-1764

The CVE-2013-1764 issue affects the Zypper/zypp backend in PackageKit prior to 0.8.8. According to multiple sources (SUSE, UBUNTU, Debian, etc.), local users can downgrade packages via the install updates method, indicating a local escalation/precedent flaw that allows downgrades rather than enf...

CVE-2013-1764

The Zypper aka zypp backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method...

CVE-2013-1764

The Zypper aka zypp backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method...