Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
packagekit vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2013-1764
The Zypper (aka zypp) backend in PackageKit prior to 0.8.8 allows local users to downgrade packages via the "install updates" method.
Packagekit Project Packagekit
Packagekit Project Packagekit 0.8.6
Packagekit Project Packagekit 0.8.5
Packagekit Project Packagekit 0.8.4
Packagekit Project Packagekit 0.8.3
Packagekit Project Packagekit 0.8.1
Packagekit Project Packagekit 0.8.2
2.1
CVSSv2
CVE-2020-16121
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
Packagekit Project Packagekit -
Canonical Ubuntu Linux 20.04
2.1
CVSSv2
CVE-2022-0987
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
Packagekit Project Packagekit
Redhat Enterprise Linux 9.0
NA
CVE-2024-0217
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other al...
Packagekit Project Packagekit
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 39
2.1
CVSSv2
CVE-2020-16122
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
Packagekit Project Packagekit -
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
4.6
CVSSv2
CVE-2011-2515
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
Packagekit Project Packagekit 0.6.17
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux Server 6.0
6.8
CVSSv2
CVE-2010-4013
Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x prior to 10.6.6 allows man-in-the-middle malicious users to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scrip...
Apple Mac Os X 10.6.3
Apple Mac Os X 10.6.0
Apple Mac Os X 10.6.4
Apple Mac Os X 10.6.2
Apple Mac Os X 10.6.1
Apple Mac Os X 10.6.5
Apple Mac Os X Server 10.6.4
Apple Mac Os X Server 10.6.3
Apple Mac Os X Server 10.6.2
Apple Mac Os X Server 10.6.0
Apple Mac Os X Server 10.6.1
Apple Mac Os X Server 10.6.5
2.1
CVSSv2
CVE-2022-22583
A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.
Apple Mac Os X
Apple Mac Os X 10.15.7
Apple Macos
Apple Macos 10.15.7
4.3
CVSSv2
CVE-2010-1206
The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x prior to 3.5.11 and 3.6.x prior to 3.6.7, and SeaMonkey prior to 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a...
Mozilla Firefox 3.5.4
Mozilla Firefox 3.5.5
Mozilla Firefox 3.6.3
Mozilla Firefox 3.6.4
Mozilla Firefox 3.5.6
Mozilla Firefox 3.5.7
Mozilla Firefox 3.6.6
Mozilla Firefox 3.5.1
Mozilla Firefox 3.5.9
Mozilla Firefox 3.5.10
Mozilla Firefox 3.5.2
Mozilla Firefox 3.5.3
Mozilla Firefox 3.6.1
Mozilla Firefox 3.6.2
Mozilla Seamonkey 1.0.5
Mozilla Seamonkey 1.0.6
Mozilla Seamonkey 1.0
Mozilla Seamonkey 1.1.17
Mozilla Seamonkey 1.1.18
Mozilla Seamonkey 1.0.7
Mozilla Seamonkey 1.0.8
Mozilla Seamonkey 1.1.11
4.3
CVSSv2
CVE-2010-1207
Mozilla Firefox prior to 3.6.7 and Thunderbird prior to 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote malicious users to obtain sensitive cross-origin information via vectors involving reference retention and node deletion.
Mozilla Firefox 3.6
Mozilla Firefox 3.6.2
Mozilla Firefox 3.6.4
Mozilla Firefox
Mozilla Firefox 3.6.3
Mozilla Thunderbird
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »