polkit project vulnerabilities and exploits
668
VMScore
CVE-2011-0703
In gksu-polkit prior to 0.0.3, the source file for xauth may contain arbitrary commands that may allow a malicious user to take over an administrator X11 session.
Gksu-polkit Project Gksu-polkit
Debian Debian Linux 6.0
445
VMScore
CVE-2019-3842
In systemd before v242-rc4, pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked ...
Systemd Project Systemd 242
Systemd Project Systemd
Redhat Enterprise Linux 7.0
Fedoraproject Fedora 30
Debian Debian Linux 8.0
1 EDB exploit
392
VMScore
CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
Polkit Project Polkit 0.115
Debian Debian Linux 8.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server Aus 6.6
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
803
VMScore
CVE-2018-19788
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
Polkit Project Polkit 0.115
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
5 GitHub repositories
320
VMScore
CVE-2018-1116
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows testing for authentication and triggering authentication of unrelated processes owned by other users. This may result in a l...
Debian Debian Linux 8.0
Canonical Ubuntu Linux 12.04
Polkit Project Polkit
828
VMScore
CVE-2017-7572
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and previous versions uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the ...
Backintime Project Backintime
187
VMScore
CVE-2015-3218
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) prior to 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an i...
Polkit Project Polkit
409
VMScore
CVE-2015-3255
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) prior to 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
Polkit Project Polkit
409
VMScore
CVE-2015-4625
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) prior to 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
Fedoraproject Fedora 21
Opensuse Opensuse 13.2
Fedoraproject Fedora 22
Opensuse Opensuse 13.1
Polkit Project Polkit
187
VMScore
CVE-2013-6402
base/pkit.py in HP Linux Imaging and Printing (HPLIP) up to and including 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
Hp Linux Imaging And Printing Project
Hp Linux Imaging And Printing Project 3.11.3a
Hp Linux Imaging And Printing Project 3.13.5
Hp Linux Imaging And Printing Project 3.13.4
Hp Linux Imaging And Printing Project 3.12.6
Hp Linux Imaging And Printing Project 3.12.4
Hp Linux Imaging And Printing Project 3.11.1
Hp Linux Imaging And Printing Project 3.10.9
Hp Linux Imaging And Printing Project 3.9.6
Hp Linux Imaging And Printing Project 3.9.4
Hp Linux Imaging And Printing Project 3.13.8
Hp Linux Imaging And Printing Project 3.9.4b
Hp Linux Imaging And Printing Project 3.13.3
Hp Linux Imaging And Printing Project 3.13.2
Hp Linux Imaging And Printing Project 3.12.2
Hp Linux Imaging And Printing Project 3.11.12
Hp Linux Imaging And Printing Project 3.11.10
Hp Linux Imaging And Printing Project 3.10.6
Hp Linux Imaging And Printing Project 3.10.5
Hp Linux Imaging And Printing Project 3.9.2
Hp Linux Imaging And Printing Project 3.13.10
Hp Linux Imaging And Printing Project 3.13.9