RSS   Vulnerabilities for 'Packagekit'   RSS

2019-11-27
 
CVE-2011-2515

CWE-732
 

 
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

 
2018-04-23
 
CVE-2018-1106

CWE-287
 

 
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.

 
2014-04-16
 
CVE-2013-1764

CWE-264
 

 
The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.

 


Copyright 2024, cxsecurity.com

 

Back to Top