Packagekit Project: >> Packagekit >> 0.1.4 Security Vulnerabilities
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-01-03
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
CVSS Score
3.3
EPSS Score
0.0
Published
2022-06-28
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
CVSS Score
5.5
EPSS Score
0.0
Published
2018-04-23
The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.
CVSS Score
2.1
EPSS Score
0.001
Published
2014-04-16