3 results (0.006 seconds)

CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0

A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost. Se encontró un fallo de use after free en PackageKitd. • https://access.redhat.com/security/cve/CVE-2024-0217 https://bugzilla.redhat.com/show_bug.cgi?id=2256624 https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system. Se ha encontrado un fallo de omisión de autenticación en PackageKit, en versiones anteriores a la 1.1.10, que permite que usuarios con privilegios de administrador instalen paquetes firmados. Un atacante local puede emplear esta vulnerabilidad para instalar paquetes vulnerables para comprometer aún más un sistema. An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. • http://www.openwall.com/lists/oss-security/2018/04/23/3 https://access.redhat.com/errata/RHSA-2018:1224 https://bugzilla.redhat.com/show_bug.cgi?id=1565992 https://usn.ubuntu.com/3634-1 https://www.debian.org/security/2018/dsa-4207 https://access.redhat.com/security/cve/CVE-2018-1106 • CWE-287: Improper Authentication •

CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0

The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method. El backend Zypper (también conocido como zypp) en PackageKit anterior a 0.8.8 permite a usuarios locales degradar paquetes a través del método "instalar actualizaciones". • http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html http://www.openwall.com/lists/oss-security/2013/02/25/20 https://bugs.freedesktop.org/show_bug.cgi?id=61231 https://bugzilla.novell.com/show_bug.cgi?id=804983 https://gitorious.org/packagekit/packagekit/commit/d3d14631042237bcfe6fb30a60e59bb6d94af425 https://gitorious.org/packagekit/packagekit/source/NEWS • CWE-264: Permissions, Privileges, and Access Controls •