Search criteria
7 vulnerabilities by packagekit_project
CVE-2024-0217 (GCVE-0-2024-0217)
Vulnerability from cvelistv5 – Published: 2024-01-03 17:04 – Updated: 2025-11-21 06:24
VLAI?
Summary
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
1.2.0 , < 1.2.7
(semver)
|
|||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
This issue was discovered by Thibault Guittet (Red Hat).
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0217"
},
{
"name": "RHBZ#2256624",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256624"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T18:34:30.608642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T18:38:51.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/PackageKit/PackageKit",
"defaultStatus": "unaffected",
"packageName": "PackageKit",
"versions": [
{
"lessThan": "1.2.7",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "PackageKit",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "compat-PackageKit08",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "PackageKit",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "PackageKit",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "PackageKit",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Thibault Guittet (Red Hat)."
}
],
"datePublic": "2024-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T06:24:15.764Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0217"
},
{
"name": "RHBZ#2256624",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256624"
},
{
"url": "https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-03T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-03T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Packagekitd: use-after-free in idle function callback",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0217",
"datePublished": "2024-01-03T17:04:37.841Z",
"dateReserved": "2024-01-03T13:40:33.684Z",
"dateUpdated": "2025-11-21T06:24:15.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0987 (GCVE-0-2022-0987)
Vulnerability from cvelistv5 – Published: 2022-06-28 16:09 – Updated: 2024-08-02 23:47
VLAI?
Summary
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PackageKit |
Affected:
All PackageKit versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PackageKit",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All PackageKit versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T16:09:26",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064315"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0987",
"datePublished": "2022-06-28T16:09:26",
"dateReserved": "2022-03-15T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16122 (GCVE-0-2020-16122)
Vulnerability from cvelistv5 – Published: 2020-11-07 04:10 – Updated: 2024-09-16 16:13
VLAI?
Summary
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
Severity ?
8.2 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PackageKit | packagekit |
Affected:
1.1.13-2ubuntu , < 1.1.13-2ubuntu1.1
(custom)
Affected: 1.1.9-1ubuntu , < 1.1.9-1ubuntu2.18.04.6 (custom) Affected: 0.8.17-4ubuntu , < 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 (custom) |
Credits
Sami Niemimäki and Esko Järnfors
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "packagekit",
"vendor": "PackageKit",
"versions": [
{
"lessThan": "1.1.13-2ubuntu1.1",
"status": "affected",
"version": "1.1.13-2ubuntu",
"versionType": "custom"
},
{
"lessThan": "1.1.9-1ubuntu2.18.04.6",
"status": "affected",
"version": "1.1.9-1ubuntu",
"versionType": "custom"
},
{
"lessThan": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5",
"status": "affected",
"version": "0.8.17-4ubuntu",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sami Niemim\u00e4ki and Esko J\u00e4rnfors"
}
],
"datePublic": "2020-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PackageKit\u0027s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-07T04:10:19",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4538-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
],
"discovery": "EXTERNAL"
},
"title": "Packagekit\u0027s apt backend lets user install untrusted local packages",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-06-12T00:00:00.000Z",
"ID": "CVE-2020-16122",
"STATE": "PUBLIC",
"TITLE": "Packagekit\u0027s apt backend lets user install untrusted local packages"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "packagekit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.13-2ubuntu",
"version_value": "1.1.13-2ubuntu1.1"
},
{
"version_affected": "\u003c",
"version_name": "1.1.9-1ubuntu",
"version_value": "1.1.9-1ubuntu2.18.04.6"
},
{
"version_affected": "\u003c",
"version_name": "0.8.17-4ubuntu",
"version_value": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5"
}
]
}
}
]
},
"vendor_name": "PackageKit"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sami Niemim\u00e4ki and Esko J\u00e4rnfors"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PackageKit\u0027s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4538-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-16122",
"datePublished": "2020-11-07T04:10:19.889638Z",
"dateReserved": "2020-07-29T00:00:00",
"dateUpdated": "2024-09-16T16:13:16.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16121 (GCVE-0-2020-16121)
Vulnerability from cvelistv5 – Published: 2020-11-07 04:10 – Updated: 2024-09-17 04:04
VLAI?
Summary
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
Severity ?
CWE
- CWE-209 - Information Exposure Through an Error Message
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PackageKit | PackageKit |
Affected:
1.1.13-2ubuntu , < 1.1.13-2ubuntu1.1
(custom)
Affected: 1.1.9-1ubuntu2 , < 1.1.9-1ubuntu2.18.04.6 (custom) Affected: 0.8.17-4ubuntu6 , < 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 (custom) |
Credits
Vaisha Bernard
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PackageKit",
"vendor": "PackageKit",
"versions": [
{
"lessThan": "1.1.13-2ubuntu1.1",
"status": "affected",
"version": "1.1.13-2ubuntu",
"versionType": "custom"
},
{
"lessThan": "1.1.9-1ubuntu2.18.04.6",
"status": "affected",
"version": "1.1.9-1ubuntu2",
"versionType": "custom"
},
{
"lessThan": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5",
"status": "affected",
"version": "0.8.17-4ubuntu6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vaisha Bernard"
}
],
"datePublic": "2020-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Information Exposure Through an Error Message",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-07T04:10:19",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4538-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
],
"discovery": "EXTERNAL"
},
"title": "PackageKit error messages leak presence and mimetype of files to unprivileged users",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-09-24T00:00:00.000Z",
"ID": "CVE-2020-16121",
"STATE": "PUBLIC",
"TITLE": "PackageKit error messages leak presence and mimetype of files to unprivileged users"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PackageKit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.13-2ubuntu",
"version_value": "1.1.13-2ubuntu1.1"
},
{
"version_affected": "\u003c",
"version_name": "1.1.9-1ubuntu2",
"version_value": "1.1.9-1ubuntu2.18.04.6"
},
{
"version_affected": "\u003c",
"version_name": "0.8.17-4ubuntu6",
"version_value": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5"
}
]
}
}
]
},
"vendor_name": "PackageKit"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vaisha Bernard"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Information Exposure Through an Error Message"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html",
"refsource": "MISC",
"url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4538-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-16121",
"datePublished": "2020-11-07T04:10:19.447213Z",
"dateReserved": "2020-07-29T00:00:00",
"dateUpdated": "2024-09-17T04:04:03.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2515 (GCVE-0-2011-2515)
Vulnerability from cvelistv5 – Published: 2019-11-27 20:18 – Updated: 2024-08-06 23:00
VLAI?
Summary
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
Severity ?
No CVSS data available.
CWE
- installs unsigned RPM packages as though they were signed
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| packagekit | packagekit |
Affected:
0.6.15
Affected: 0.6.17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2515"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2515"
},
{
"name": "48557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/48557/info"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "packagekit",
"vendor": "packagekit",
"versions": [
{
"status": "affected",
"version": "0.6.15"
},
{
"status": "affected",
"version": "0.6.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "installs unsigned RPM packages as though they were signed",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-27T20:18:50",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-2515"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-2515"
},
{
"name": "48557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/48557/info"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2515",
"datePublished": "2019-11-27T20:18:50",
"dateReserved": "2011-06-15T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1106 (GCVE-0-2018-1106)
Vulnerability from cvelistv5 – Published: 2018-04-23 20:00 – Updated: 2024-09-16 16:18
VLAI?
Summary
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat, Inc. | PackageKit |
Affected:
before 1.1.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3634-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3634-1/"
},
{
"name": "DSA-4207",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4207"
},
{
"name": "[oss-security] 20180423 Multiple local root vulnerabilities involving PackageKit CVE-2018-1106",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/04/23/3"
},
{
"name": "RHSA-2018:1224",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1224"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PackageKit",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "before 1.1.10"
}
]
}
],
"datePublic": "2018-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3634-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3634-1/"
},
{
"name": "DSA-4207",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4207"
},
{
"name": "[oss-security] 20180423 Multiple local root vulnerabilities involving PackageKit CVE-2018-1106",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/04/23/3"
},
{
"name": "RHSA-2018:1224",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1224"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-04-23T00:00:00",
"ID": "CVE-2018-1106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PackageKit",
"version": {
"version_data": [
{
"version_value": "before 1.1.10"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3634-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3634-1/"
},
{
"name": "DSA-4207",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4207"
},
{
"name": "[oss-security] 20180423 Multiple local root vulnerabilities involving PackageKit CVE-2018-1106",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/04/23/3"
},
{
"name": "RHSA-2018:1224",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1224"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565992"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1106",
"datePublished": "2018-04-23T20:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-16T16:18:44.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1764 (GCVE-0-2013-1764)
Vulnerability from cvelistv5 – Published: 2014-04-16 18:00 – Updated: 2024-08-06 15:13
VLAI?
Summary
The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130225 Re: CVE Request: PackageKit\"update\" allows downgrade of packages when using the \"zypp\" backend",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitorious.org/packagekit/packagekit/source/NEWS"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=61231"
},
{
"name": "openSUSE-SU-2013:0889",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=804983"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitorious.org/packagekit/packagekit/commit/d3d14631042237bcfe6fb30a60e59bb6d94af425"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the \"install updates\" method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-16T17:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130225 Re: CVE Request: PackageKit\"update\" allows downgrade of packages when using the \"zypp\" backend",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/25/20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitorious.org/packagekit/packagekit/source/NEWS"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=61231"
},
{
"name": "openSUSE-SU-2013:0889",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=804983"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitorious.org/packagekit/packagekit/commit/d3d14631042237bcfe6fb30a60e59bb6d94af425"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1764",
"datePublished": "2014-04-16T18:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:32.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}