Packagekitproject Packagekit
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Packagekitproject Packagekit.
By the Year
In 2026 there have been 0 vulnerabilities in Packagekitproject Packagekit. Packagekit did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 3.30 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 3.30 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 5.75 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 5.50 |
It may take a day or so for new Packagekit vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Packagekitproject Packagekit Security Vulnerabilities
Use-after-Free in PackageKitd Transaction Cleanup
CVE-2024-0217
3.3 - Low
- January 03, 2024
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
Dangling pointer
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files
CVE-2022-0987
3.3 - Low
- June 28, 2022
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
PackageKit provided detailed error messages to unprivileged callers
CVE-2020-16121
3.3 - Low
- November 07, 2020
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
Generation of Error Message Containing Sensitive Information
PackageKit's apt backend mistakenly treated all local debs as trusted
CVE-2020-16122
8.2 - High
- November 07, 2020
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
Improper Privilege Management
An authentication bypass flaw has been found in PackageKit before 1.1.10
CVE-2018-1106
5.5 - Medium
- April 23, 2018
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
authentification
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Packagekitproject Packagekit or by Packagekitproject? Click the Watch button to subscribe.
