Vulnerabilities > Packagekit Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-03 | CVE-2024-0217 | Use After Free vulnerability in multiple products A use-after-free flaw was found in PackageKitd. | 3.3 |
| 2022-06-28 | CVE-2022-0987 | A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. | 2.1 |
| 2020-11-07 | CVE-2020-16122 | Insufficient Verification of Data Authenticity vulnerability in multiple products PackageKit's apt backend mistakenly treated all local debs as trusted. | 7.8 |
| 2020-11-07 | CVE-2020-16121 | Information Exposure Through an Error Message vulnerability in multiple products PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. | 2.1 |
| 2019-11-27 | CVE-2011-2515 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code. | 4.6 |
| 2018-04-23 | CVE-2018-1106 | Improper Authentication vulnerability in multiple products An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. | 2.1 |
| 2014-04-16 | CVE-2013-1764 | Permissions, Privileges, and Access Controls vulnerability in Packagekit Project Packagekit The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method. | 2.1 |