PT-2026-1852

Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session...

SUSE CVE-2023-4104

An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected. This vulnerability affects Mozilla VPN 2.16.1 Linux...

Polkit D-Bus Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' class MetasploitModule 'Polkit D-Bus Authentication Bypass', 'Description' = %q A vulnerability exists within the polkit system service that can be...

CentOS 8 : polkit (CESA-2021:2238)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:2238 advisory. - polkit: local privilege escalation using polkitsystembusnamegetcredssync CVE-2021-3560 Note that Nessus has not tested for this issue but has instead relied...

Ubuntu 16.04 LTS / 18.04 LTS : GVfs vulnerabilities (USN-4053-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4053-1 advisory. It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong...