Packagekitproject Packagekit
By the Year
In 2024 there have been 1 vulnerability in Packagekitproject Packagekit with an average score of 3.3 out of ten. Packagekit did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2024 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 1 | 3.30 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 3.30 |
| 2021 | 0 | 0.00 |
| 2020 | 2 | 5.55 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 5.50 |
It may take a day or so for new Packagekit vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Packagekitproject Packagekit Security Vulnerabilities
A use-after-free flaw was found in PackageKitd
CVE-2024-0217
3.3 - Low
- January 03, 2024
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
Dangling pointer
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files
CVE-2022-0987
3.3 - Low
- June 28, 2022
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
PackageKit provided detailed error messages to unprivileged callers
CVE-2020-16121
3.3 - Low
- November 07, 2020
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
Generation of Error Message Containing Sensitive Information
PackageKit's apt backend mistakenly treated all local debs as trusted
CVE-2020-16122
7.8 - High
- November 07, 2020
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
Insufficient Verification of Data Authenticity
An authentication bypass flaw has been found in PackageKit before 1.1.10
CVE-2018-1106
5.5 - Medium
- April 23, 2018
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
authentification
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Workstation or by Packagekitproject? Click the Watch button to subscribe.
