Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
polkit project polkit vulnerabilities and exploits
(subscribe to this query)
6.2
CVSSv2
CVE-2020-13776
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-...
Systemd Project Systemd
Netapp Solidfire \\& Hci Management Node -
Netapp Active Iq Unified Manager -
Fedoraproject Fedora 32
4.6
CVSSv2
CVE-2020-1712
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate thei...
Systemd Project Systemd
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Redhat Discovery -
Redhat Migration Toolkit 1.0
Redhat Ceph Storage 4.0
Debian Debian Linux 9.0
1 Github repository
1 Article
4.6
CVSSv2
CVE-2015-3255
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) prior to 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
Polkit Project Polkit
4.6
CVSSv2
CVE-2015-4625
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) prior to 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
Fedoraproject Fedora 21
Opensuse Opensuse 13.2
Fedoraproject Fedora 22
Opensuse Opensuse 13.1
Polkit Project Polkit
4.4
CVSSv2
CVE-2019-3842
In systemd before v242-rc4, it exists that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked ...
Systemd Project Systemd 242
Systemd Project Systemd
Redhat Enterprise Linux 7.0
Fedoraproject Fedora 30
Debian Debian Linux 8.0
1 EDB exploit
4.4
CVSSv2
CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
Polkit Project Polkit 0.115
Debian Debian Linux 8.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server Aus 6.6
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
3.6
CVSSv2
CVE-2018-1116
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a l...
Debian Debian Linux 8.0
Canonical Ubuntu Linux 12.04
Polkit Project Polkit
2.9
CVSSv2
CVE-2020-13529
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigu...
Systemd Project Systemd 245
Fedoraproject Fedora 33
Netapp Cloud Backup -
Netapp Active Iq Unified Manager -
2.1
CVSSv2
CVE-2021-4115
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and ...
Polkit Project Polkit 0.117
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 21.10
Debian Debian Linux 11.0
Oracle Zfs Storage Appliance Kit 8.8
2.1
CVSSv2
CVE-2015-3218
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) prior to 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an i...
Polkit Project Polkit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »