Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
polkit vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2012-5535
gnome-system-log polkit policy allows arbitrary files on the system to be read
Gnome Gnome-system-log -
Fedoraproject Fedora 17
Fedoraproject Fedora 18
9.3
CVSSv2
CVE-2017-7572
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and previous versions uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the ...
Backintime Project Backintime
7.2
CVSSv2
CVE-2022-29934
USU Oracle Optimization prior to 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product.
Usu Oracle Optimization 5.16.2
6.9
CVSSv2
CVE-2014-5033
KDE kdelibs prior to 4.14 and kauth prior to 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) p...
Canonical Ubuntu Linux 14.04
Debian Kde4libs -
Canonical Ubuntu Linux 12.04
Kde Kdelibs 4.12.95
Kde Kdelibs 4.12.90
Kde Kdelibs 4.11.97
Kde Kdelibs 4.11.95
Kde Kdelibs 4.11.1
Kde Kdelibs 4.11.0
Kde Kdelibs
Kde Kdelibs 4.13.95
Kde Kauth
Kde Kdelibs 4.13.3
Kde Kdelibs 4.12.80
Kde Kdelibs 4.12.5
Kde Kdelibs 4.11.90
Kde Kdelibs 4.11.80
Kde Kdelibs 4.10.97
Kde Kdelibs 4.10.95
Kde Kdelibs 4.13.90
Kde Kdelibs 4.13.80
Kde Kdelibs 4.13.0
4.6
CVSSv2
CVE-2008-1658
Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and previous versions allows malicious users to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.
Freedesktop Policykit
Freedesktop Policykit 0.6
4.6
CVSSv2
CVE-2020-1712
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate thei...
Systemd Project Systemd
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Redhat Discovery -
Redhat Migration Toolkit 1.0
Redhat Ceph Storage 4.0
Debian Debian Linux 9.0
1 Github repository
1 Article
6.9
CVSSv2
CVE-2020-15238
Blueman is a GTK+ Bluetooth Manager. In Blueman prior to 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower...
Blueman Project Blueman
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
5
CVSSv2
CVE-2013-5651
The virBitmapParse function in util/virbitmap.c in libvirt prior to 1.1.2 allows context-dependent malicious users to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.
Redhat Libvirt 0.4.1
Redhat Libvirt 0.9.13
Redhat Libvirt 0.8.6
Redhat Libvirt 1.0.5.4
Redhat Libvirt 0.9.6.3
Redhat Libvirt 0.9.2
Redhat Libvirt 0.4.5
Redhat Libvirt 0.7.5
Redhat Libvirt 0.0.6
Redhat Libvirt 0.9.5
Redhat Libvirt 1.0.5.3
Redhat Libvirt 0.5.0
Redhat Libvirt 0.10.2.2
Redhat Libvirt
Redhat Libvirt 0.9.11.3
Redhat Libvirt 0.7.2
Redhat Libvirt 0.1.1
Redhat Libvirt 0.0.3
Redhat Libvirt 0.1.7
Redhat Libvirt 0.0.1
Redhat Libvirt 1.0.5
Redhat Libvirt 0.2.0
NA
CVE-2023-4104
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN ...
Mozilla Vpn
1 Article
6.9
CVSSv2
CVE-2011-1485
Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.
Redhat Policykit 0.96
3 EDB exploits
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »