polkit vulnerabilities and exploits

NA
CVE-2019-7304

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1....

4.4
CVSSv2
CVE-2019-3842

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be...

7.2
CVSSv2
CVE-2019-0797

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808....

7.2
CVSSv2
CVE-2019-0808

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797....

Microsoft Windows 7, Windows Server 2008
7.2
CVSSv2
CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent...

Apache Http Server, Canonical Ubuntu Linux, Debian Debian Linux, Fedoraproject Fedora, Opensuse Leap
9.3
CVSSv2
CVE-2018-4415

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1....

Apple Mac Os X
6.5
CVSSv2
CVE-2018-4407

A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5....

Apple Iphone Os, Mac Os X, Tvos, Watchos
4.3
CVSSv2
CVE-2018-4338

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14....

Apple Mac Os X
7.2
CVSSv2
CVE-2019-6724

The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root....