Packagekit@* Security Vulnerabilities and Issues — Packagekit@* CVE List

Lucene search

Packagekit ProjectPackagekit*

5 matches found

CVE•added 2018/04/23 8:29 p.m.•111 views

CVE-2018-1106

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.

5.5CVSS5.2AI score0.0003EPSS

CVE•added 2024/01/03 5:15 p.m.•78 views

CVE-2024-0217

A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any p...

3.3CVSS3.7AI score0.00024EPSS

CVE•added 2022/06/28 5:15 p.m.•60 views

CVE-2022-0987

A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.

3.3CVSS3.8AI score0.00041EPSS

CVE•added 2014/04/16 6:37 p.m.•42 views

CVE-2013-1764

The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.

2.1CVSS6.4AI score0.00063EPSS

CVE•added 2019/11/27 9:15 p.m.•41 views

CVE-2011-2515

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

5.3CVSS5.4AI score0.00165EPSS