CVE-2024-0217 – Packagekitd: use-after-free in idle function callback
https://notcve.org/view.php?id=CVE-2024-0217
03 Jan 2024 — A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost. • https://access.redhat.com/security/cve/CVE-2024-0217 • CWE-416: Use After Free
CVE-2018-1106 – PackageKit: authentication bypass allows to install signed packages without administrator privileges
https://notcve.org/view.php?id=CVE-2018-1106
23 Apr 2018 — An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system. • http://www.openwall.com/lists/oss-security/2018/04/23/3 • CWE-287: Improper Authentication
CVE-2013-1764
https://notcve.org/view.php?id=CVE-2013-1764
16 Apr 2014 — The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method. • http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html • CWE-264: Permissions, Privileges, and Access Controls