127 matches found

CloudLinux
added 2026/05/30 10:24 a.m. | 8 views

polkit: Fix of CVE-2018-1116

CVE-2018-1116: polkit trusts client-supplied UID in CheckAuthorization, allowing a local attacker to spoof or DoS the authentication-agent dialog of unrelated processes...

CVSS 4.7 | AI score 5.5 | EPSS 0.01196
Exploits: 0

Circl
added 2026/04/12 3:0 a.m. | 3 views

CVE-2026-1116

creationtimestamp | type | source
---|---|---
2026-04-12 03:00:33+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116389500215311211
2026-04-12 03:00:35+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mjbecxvavp2b
2026-04-12 05:16:17+00:00 | published-proof-of-concept | ...

CVSS 8.2 | AI score 7.7 | EPSS 0.00258
Exploits: 1 | References: 5

Tenable Nessus
added 2026/01/20 12:0 a.m. | 6 views

MiracleLinux 7 : polkit-0.112-26.el7 (AXSA:2020-4540:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-4540:01 advisory. polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd (CVE-2018-1116). Tenable has extracted the preceding...

CVSS 4.7 | AI score 8.4 | EPSS 0.01196
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 7 : tomcat-7.0.69-10.el7 (AXSA:2016-1116:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-1116:02 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Ja...

CVSS 8.8 | AI score 7.1 | EPSS 0.35927
Exploits: 0 | References: 8

RedhatCVE
added 2025/05/22 4:21 a.m. | 2 views

CVE-2019-1116

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-110...

CVSS 6.5 | AI score 6.2 | EPSS 0.06786
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-1116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to tes...

CVSS 4.7 | AI score 5.4 | EPSS 0.01196
Exploits: 0 | References: 2

NVD
added 2025/02/08 12:15 p.m. | 9 views

CVE-2025-1116

A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart. Affected by this issue is the function searchresults/search of the file /?route=extension/live_search/module/live_search.searchresults. The manipulation of the argument...

CVSS 7.5 | EPSS 0.00362
Exploits: 0 | References: 4

CVE
added 2025/02/08 12:0 p.m. | 61 views

CVE-2025-1116

Dreamvention Live AJAX Search Free for OpenCart up to version 1.0.6 is affected by a SQL injection in the searchresults/search endpoint (/?route=extension/live_search/module/live_search.searchresults) via the keyword parameter. Multiple connected sources confirm remote exploitation and public dis...

CVSS 7.5 | AI score 7.3 | EPSS 0.00362
Exploits: 0 | References: 4

Vulnrichment
added 2025/02/08 12:0 p.m. | 4 views

CVE-2025-1116 Dreamvention Live AJAX Search Free live_search.searchresults search sql injection

A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart. Affected by this issue is the function searchresults/search of the file /?route=extension/live_search/module/live_search.searchresults. The manipulation of the argument...

CVSS 7.5 | AI score 7.5 | EPSS 0.00362
Exploits: 0 | References: 4

Cvelist
added 2025/02/08 12:0 p.m. | 10 views

CVE-2025-1116 Dreamvention Live AJAX Search Free live_search.searchresults search sql injection

A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart. Affected by this issue is the function searchresults/search of the file /?route=extension/live_search/module/live_search.searchresults. The manipulation of the argument...

CVSS 7.5 | EPSS 0.00362
Exploits: 0 | References: 4

RedhatCVE
added 2025/02/05 5:27 a.m. | 7 views

CVE-2024-1116

A vulnerability was found in openBI up to 1.0.8. It has been classified as critical. Affected is the function index of the file /application/plugins/controller/Upload.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed t...

CVSS 9.8 | AI score 9.6 | EPSS 0.00769
Exploits: 0 | References: 1

OpenVAS
added 2024/03/04 12:0 a.m. | 31 views

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2022:2892-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.2 | EPSS 0.05561
Exploits: 10 | References: 2

Circl
added 2024/01/31 9:22 p.m. | 2 views

CVE-2024-1116

creationtimestamp | type | source
---|---|---
2024-01-31 21:22:10+00:00 | seen | https://t.me/ctinow/177111
2024-02-22 15:12:34+00:00 | seen | https://t.me/ctinow/190783...

CVSS 9.8 | AI score 7.8 | EPSS 0.00769
Exploits: 0 | References: 2

CVE
added 2024/01/31 8:0 p.m. | 53 views

CVE-2024-1116

The CVE-2024-1116 case affects openBI versions up to 1.0.8. The vulnerability is in the index function of /application/plugins/controller/Upload.php, enabling an unrestricted file upload and enabling remote exploitation. Multiple sources confirm the issue and public disclosure of the exploit. Th...

CVSS 9.8 | AI score 9.5 | EPSS 0.00769
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2023/09/07 12:0 a.m. | 41 views

Oracle Linux 7 : qemu-kvm (ELSA-2020-1116)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1116 advisory. - Resolves: bz1791560 CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcpemu rhel-7.8 - Resolves: bz1771961 CVE-2019-111...

CVSS 7.5 | AI score 7.3 | EPSS 0.05546
Exploits: 1 | References: 2

Positive Technologies
added 2023/08/22 12:0 a.m. | 4 views

PT-2023-11515 · Ncurses +1 · Ncurses +1

Name of the Vulnerable Software and Affected Versions: ncurses version 6.1. Description: The issue is related to a Buffer Overflow vulnerability in the fmt_entry function, located in progs/dump_entry.c:1116, which allows remote attackers to cause a denial of service via crafted commands...

CVSS 6.5 | AI score 5 | EPSS 0.01403
Exploits: 1 | References: 23

Tenable Nessus
added 2023/04/11 12:0 a.m. | 29 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : polkit Multiple Vulnerabilities (NS-SA-2023-0027)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has polkit packages installed that are affected by multiple vulnerabilities: - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd...

CVSS 7.8 | AI score 7.6 | EPSS 0.94921
Exploits: 151 | References: 5

Circl
added 2023/03/01 4:33 p.m. | 2 views

CVE-2023-1116

creationtimestamp | type | source
---|---|---
2023-03-01 16:33:33+00:00 | seen | https://t.me/cibsecurity/59228
2024-01-26 19:17:46+00:00 | published-proof-of-concept | https://t.me/arpsyndicate/3043...

CVSS 5.4 | AI score 5.3 | EPSS 0.0051
Exploits: 1 | References: 2

Vulnrichment
added 2023/03/01 12:0 a.m. | 4 views

CVE-2023-1116 Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18...

CVSS 5.4 | AI score 6.2 | EPSS 0.0051
Exploits: 1 | References: 2

CVE
added 2023/03/01 12:0 a.m. | 62 views

CVE-2023-1116

CVE-2023-1116 is a stored Cross-Site Scripting (XSS) vulnerability in pimcore/pimcore, affecting versions prior to 10.5.18. The root cause reported is lack of sanitization in email addresses within the email blacklist function, enabling an admin-authenticated attacker to inject and execute arbitr...

CVSS 5.4 | AI score 5.2 | EPSS 0.0051
Exploits: 1 | References: 2 | Affected Software: 1