Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

polkit project polkit vulnerabilities and exploits

(subscribe to this query)

5.5
CVSSv3
CVE-2021-4115
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and...
Polkit Project Polkit 0.117Redhat Enterprise Linux 8.0Fedoraproject Fedora 34Fedoraproject Fedora 35Canonical Ubuntu Linux 20.04Canonical Ubuntu Linux 21.10Debian Debian Linux 11.0Oracle Zfs Storage Appliance Kit 8.8
7.8
CVSSv3
CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest...
Polkit Project PolkitDebian Debian Linux 11.0Canonical Ubuntu Linux 20.04Redhat Virtualization Host 4.0Redhat Virtualization 4.0Redhat Openshift Container Platform 4.7
7.8
CVSSv3
CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle...
Polkit Project PolkitRedhat Enterprise Linux Desktop 7.0Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux For Scientific Computing 7.0Redhat Enterprise Linux Server 7.0Redhat Enterprise Linux For Power Little Endian 7.0Redhat Enterprise Linux Server 6.0Redhat Enterprise Linux For Power Big Endian 7.0Redhat Enterprise Linux For Ibm Z Systems 7.0Redhat Enterprise Linux Server Aus 7.3Redhat Enterprise Linux Server Aus 7.4Redhat Enterprise Linux Server Tus 7.6Redhat Enterprise Linux Server Aus 7.6Redhat Enterprise Linux 8.0Redhat Enterprise Linux Server Aus 7.7Redhat Enterprise Linux Server Tus 7.7Redhat Enterprise Linux Eus 8.2Redhat Enterprise Linux Server Tus 8.2Redhat Enterprise Linux Server Aus 8.2Redhat Enterprise Linux Server Tus 8.4Redhat Enterprise Linux Server Aus 8.4Redhat Enterprise Linux Server Update Services For Sap Solutions 8.2Redhat Enterprise Linux Server Update Services For Sap Solutions 8.4Redhat Enterprise Linux Server Update Services For Sap Solutions 8.1Redhat Enterprise Linux For Power Little Endian Eus 8.2Redhat Enterprise Linux For Ibm Z Systems Eus 8.2Redhat Enterprise Linux For Power Little Endian Eus 8.1Redhat Enterprise Linux For Power Little Endian 8.0Redhat Enterprise Linux For Ibm Z Systems Eus 8.4Redhat Enterprise Linux For Ibm Z Systems 8.0Redhat Enterprise Linux For Power Little Endian Eus 8.4Redhat Enterprise Linux Server Eus 8.4Redhat Enterprise Linux Server Update Services For Sap Solutions 7.7Redhat Enterprise Linux Server Update Services For Sap Solutions 7.6Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 20.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 21.10Suse Manager Server 4.1Suse Linux Enterprise Workstation Extension 12Suse Linux Enterprise Desktop 15Suse Enterprise Storage 7.0Suse Manager Proxy 4.1Suse Linux Enterprise High Performance Computing 15.0Suse Linux Enterprise Server 15Oracle Http Server 12.2.1.3.0Oracle Http Server 12.2.1.4.0Oracle Zfs Storage Appliance Kit 8.8Siemens Sinumerik EdgeSiemens Scalance Lpe9403 FirmwareStarwindsoftware Starwind Virtual San V8Starwindsoftware Starwind Hyperconverged Appliance -Starwindsoftware Command Center 1.0
7
CVSSv3
CVE-2020-15238
Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower...
Blueman Project BluemanDebian Debian Linux 9.0Debian Debian Linux 10.0Fedoraproject Fedora 31Fedoraproject Fedora 32Fedoraproject Fedora 33
7.8
CVSSv3
CVE-2020-1712
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate...
Systemd Project SystemdRedhat Enterprise Linux 8.0Redhat Openshift Container Platform 4.0Redhat Discovery -Redhat Migration Toolkit 1.0Redhat Ceph Storage 4.0Debian Debian Linux 9.0
7.8
CVSSv3
CVE-2013-4161
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue....
Gksu-polkit Project Gksu-polkit 0.0.3Fedoraproject Fedora 18Fedoraproject Fedora 19
7.8
CVSSv3
CVE-2012-5617
gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation...
Gksu-polkit Project Gksu-polkit -Fedoraproject Fedora 18Fedoraproject Fedora 19
9.8
CVSSv3
CVE-2011-0703
In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session....
Gksu-polkit Project Gksu-polkitDebian Debian Linux 6.0
7
CVSSv3
CVE-2019-3842
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be...
Systemd Project Systemd 242Systemd Project SystemdRedhat Enterprise Linux 7.0Fedoraproject Fedora 30Debian Debian Linux 8.0
6.7
CVSSv3
CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in...
Polkit Project Polkit 0.115Debian Debian Linux 8.0Redhat Enterprise Linux Server 7.0Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux Server Tus 7.6Redhat Enterprise Linux Server Eus 7.6Redhat Enterprise Linux Server Aus 7.6Redhat Enterprise Linux Desktop 7.0Redhat Enterprise Linux Desktop 6.0Redhat Enterprise Linux Server Aus 6.6Redhat Enterprise Linux Server 6.0Redhat Enterprise Linux Workstation 6.0Canonical Ubuntu Linux 18.10Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
elevation of privilegeCVE-2022-42331CVE-2023-24709CVE-2023-27569open redirectinjectionCVE-2023-27087
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook