
CVSS: 3.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

03 Jan 2024 — A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost. • https://access.redhat.com/security/cve/CVE-2024-0217 • CWE-416: Use After Free

CVSS: 5.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

27 Nov 2019 — PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed, which may allow installation of non-trusted packages and execution of arbitrary code. • https://access.redhat.com/security/cve/cve-2011-2515 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 5.5 • EPSS: 0% • CPEs: 10 • EXPL: 0

23 Apr 2018 — An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system. • http://www.openwall.com/lists/oss-security/2018/04/23/3 • CWE-287: Improper Authentication

CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

16 Apr 2014 — The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method. • http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html • CWE-264: Permissions, Privileges, and Access Controls