Packagekit Project Packagekit vulnerabilities

CVE-2024-0217 [LOW] CWE-416 CVE-2024-0217: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics f A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered

CVE-2011-2515 [MEDIUM] CWE-732 CVE-2011-2515: PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

CVE-2018-1106 [MEDIUM] CWE-287 CVE-2018-1106: An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without a An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.

CVE-2013-1764 [LOW] CWE-264 CVE-2013-1764: The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages vi The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.