31 matches found
[SECURITY] Fedora 44 Update: polkit-kde-6.6.4-1.fc44
Provides Policy Kit Authentication Agent that nicely fits to KDE...
MiracleLinux 4 : polkit-0.96-5.AXS4 (AXSA:2013-629:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-629:01 advisory. PolicyKit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. Security...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004354)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004354 advisory. In PolicyKit (aka polkit) 0.115, the start time protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly...
CVE-2025-67603
An Improper Authorization vulnerability in Foomuuri allows arbitrary users to influence the firewall configuration. This issue affects Foomuuri: from ? before 0.31...
Photon OS 4.0: Polkit PHSA-2025-4.0-0903
An update of the polkit package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0903. The text itself is copyright (C) VMware, Inc.
EUVD-2011-1488
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-6133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In PolicyKit (aka polkit) 0.115, the start time protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are...
libblockdev: LPE from allow_active to root in libblockdev via udisks
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a syst...
NetworkManager-libreswan: Local privilege escalation via leftupdown
A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading t...
Mozilla VPN Security Breach
Mozilla VPN is an open source virtual private network web browser extension, desktop application and mobile application from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla VPN Linux that stems from the application's invalid Polkit authentication check and...
[SECURITY] Fedora 37 Update: polkit-kde-5.27.1-1.fc37
Provides Policy Kit Authentication Agent that nicely fits to KDE...
SUSE CVE-2010-0750
pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument...
SUSE CVE-2015-3256
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
PoC exploit for CVE-2021-4034, a privilege escalation vulnerability in the polkit package. The target product/service is polkit, a Linux system policy kit. The vulnerability class/vector is a privilege escalation vulnerability. The probable entry points are the gconv-modules file and the...
[SECURITY] Fedora 34 Update: polkit-kde-5.21.3-1.fc34
Provides Policy Kit Authentication Agent that nicely fits to KDE...
Fedora: Security Advisory for polkit-kde (FEDORA-2021-85c9774673)
The remote host is missing an update for the...
PT-2020-6168 · Packagekit +3
Name of the Vulnerable Software and Affected Versions: PackageKit (affected versions not specified). Description: The issue is related to PackageKit's apt backend, which incorrectly treats all local debs as trusted. This is problematic because the apt security model relies on repository trust rather...
DEBIAN-CVE-2020-1712
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by...
screen-resolution-extra security bypass vulnerability
screen-resolution-extra is a screen resolution extension used in GNOME Desktop. A security vulnerability exists in screen-resolution-mechanism in screen-resolution-extra version 0.17.2, which stems from the program's failure to properly use the PolicyKit D-Bus API. A local attacker can exploit thi...
CVE-2018-8885
screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService.checkpermission call...