Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
policykit vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-1658
Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and previous versions allows malicious users to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.
Freedesktop Policykit
Freedesktop Policykit 0.6
NA
CVE-2010-0750
pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.
Freedesktop Policykit 0.96
NA
CVE-2011-1485
Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.
Redhat Policykit 0.96
3 EDB exploits
1 Github repository
NA
CVE-2011-4945
PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.
Michael Biebl Policykit 0.103
NA
CVE-2015-3255
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) prior to 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
Polkit Project Polkit
8.8
CVSSv3
CVE-2018-19788
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
Polkit Project Polkit 0.115
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
5 Github repositories
NA
CVE-2015-3218
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) prior to 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an i...
Polkit Project Polkit
NA
CVE-2015-4625
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) prior to 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
Fedoraproject Fedora 21
Opensuse Opensuse 13.2
Fedoraproject Fedora 22
Opensuse Opensuse 13.1
Polkit Project Polkit
4.4
CVSSv3
CVE-2018-1116
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a l...
Debian Debian Linux 8.0
Canonical Ubuntu Linux 12.04
Polkit Project Polkit
NA
CVE-2011-2176
GNOME NetworkManager prior to 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
Gnome Networkmanager
Gnome Networkmanager 0.6.2
Gnome Networkmanager 0.6.1
Gnome Networkmanager 0.2.0
Gnome Networkmanager 0.7.2
Gnome Networkmanager 0.7.1
Gnome Networkmanager 0.5.0
Gnome Networkmanager 0.4.1
Gnome Networkmanager 0.8.2
Gnome Networkmanager 0.8.1
Gnome Networkmanager 0.6.0
Gnome Networkmanager 0.5.1
Gnome Networkmanager 0.7.0
Gnome Networkmanager 0.6.6
Gnome Networkmanager 0.3.1
Gnome Networkmanager 0.3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »