rpm package
opensuse/PackageKit&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/PackageKit&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41651 | High | 8.8 | | < 1.3.5-1.1 | 1.3.5-1.1 | Apr 22, 2026 | PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transa |
| CVE-2020-16121 | — | | | < 1.2.2-13.2 | 1.2.2-13.2 | Nov 7, 2020 | PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. |
| CVE-2018-1106 | — | | | < 1.2.2-13.2 | 1.2.2-13.2 | Apr 23, 2018 | An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system. |
| CVE-2008-4311 | — | | | < 1.2.2-13.2 | 1.2.2-13.2 | Dec 10, 2008 | The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, |