Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
polkit project polkit vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2017-7572
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and previous versions uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the ...
Backintime Project Backintime
9
CVSSv2
CVE-2018-19788
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
Polkit Project Polkit 0.115
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
5 Github repositories
7.5
CVSSv2
CVE-2011-0703
In gksu-polkit prior to 0.0.3, the source file for xauth may contain arbitrary commands that may allow an malicious user to overtake an administrator X11 session.
Gksu-polkit Project Gksu-polkit
Debian Debian Linux 6.0
7.2
CVSSv2
CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local malicious user to, for example, create a new local administrator. The hi...
Polkit Project Polkit
Debian Debian Linux 11.0
Canonical Ubuntu Linux 20.04
Redhat Virtualization 4.0
Redhat Virtualization Host 4.0
Redhat Openshift Container Platform 4.7
48 Github repositories
1 Article
7.2
CVSSv2
CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle ...
Polkit Project Polkit
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux For Scientific Computing 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux For Power Little Endian 7.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux For Power Big Endian 7.0
Redhat Enterprise Linux For Ibm Z Systems 7.0
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.2
279 Github repositories
1 Article
7.2
CVSSv2
CVE-2013-4161
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue.
Gksu-polkit Project Gksu-polkit 0.0.3
Fedoraproject Fedora 18
Fedoraproject Fedora 19
7.2
CVSSv2
CVE-2012-5617
gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation
Gksu-polkit Project Gksu-polkit -
Fedoraproject Fedora 18
Fedoraproject Fedora 19
6.9
CVSSv2
CVE-2020-15238
Blueman is a GTK+ Bluetooth Manager. In Blueman prior to 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower...
Blueman Project Blueman
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
6.9
CVSSv2
CVE-2013-4327
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-201...
Systemd Project Systemd
Debian Debian Linux 7.0
Canonical Ubuntu Linux 13.04
6.8
CVSSv2
CVE-2013-6427
upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x up to and including 3.13.11 launches a program from an http URL, which allows man-in-the-middle malicious users to execute arbitrary code by gaining control over the client-server data stream.
Hp Linux Imaging And Printing Project 3.11.3a
Hp Linux Imaging And Printing Project 3.13.5
Hp Linux Imaging And Printing Project 3.13.4
Hp Linux Imaging And Printing Project 3.12.4
Hp Linux Imaging And Printing Project 3.12.2
Hp Linux Imaging And Printing Project 3.11.1
Hp Linux Imaging And Printing Project 3.10.9
Hp Linux Imaging And Printing Project 3.9.6
Hp Linux Imaging And Printing Project 3.9.4
Hp Linux Imaging And Printing Project 3.13.8
Hp Linux Imaging And Printing Project 3.9.4b
Hp Linux Imaging And Printing Project 3.13.3
Hp Linux Imaging And Printing Project 3.13.2
Hp Linux Imaging And Printing Project 3.11.12
Hp Linux Imaging And Printing Project 3.11.10
Hp Linux Imaging And Printing Project 3.10.6
Hp Linux Imaging And Printing Project 3.10.5
Hp Linux Imaging And Printing Project 3.9.2
Hp Linux Imaging And Printing Project 3.13.7
Hp Linux Imaging And Printing Project 3.13.6
Hp Linux Imaging And Printing Project 3.12.10
Hp Linux Imaging And Printing Project 3.12.9
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »