Lucene search
K

479 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.4 views

SUSE CVE-2011-1485

Race condition in the pkexec utility and polkitd daemon in PolicyKit aka polkit 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID...

6.9CVSS6.9AI score0.05246EPSS
Exploits17References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.4 views

SUSE CVE-2011-2176

GNOME NetworkManager before 0.8.6 does not properly enforce the authadmin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors...

2.1CVSS8.3AI score0.00324EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.4 views

SUSE CVE-2011-3364

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute...

6.9CVSS8.6AI score0.00459EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.4 views

SUSE CVE-2011-4945

PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication...

6.9CVSS6.9AI score0.00352EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.2 views

SUSE CVE-2013-4288

Race condition in PolicyKit aka polkit allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to 1 the polkitunixprocessnew API function, 2 the dbus API, or 3 the --process...

7.2CVSS6.9AI score0.00342EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.3 views

SUSE CVE-2013-4394

The SetX11Keyboard function in systemd, when PolicyKit Local Authority PKLA is used to change the group permissions on the X Keyboard Extension XKB layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors...

5.9CVSS6.8AI score0.00337EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.3 views

SUSE CVE-2015-3255

The polkitbackendactionpoolinit function in polkitbackend/polkitbackendactionpool.c in PolicyKit aka polkit before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions...

4.6CVSS6.6AI score0.00365EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:17 a.m.1 views

SUSE CVE-2015-4625

Integer overflow in the authenticationagentnewcookie function in PolicyKit aka polkit before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value...

4.6CVSS6.5AI score0.00405EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.4 views

SUSE CVE-2018-19788

A flaw was found in PolicyKit aka polkit 0.115 that allows a user with a uid greater than INTMAX to successfully execute any systemctl command...

5.6CVSS6.7AI score0.11483EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:16 a.m.3 views

SUSE CVE-2019-6133

In PolicyKit aka polkit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...

6.7CVSS8.3AI score0.00446EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2022/11/22 12:0 a.m.13 views

The vulnerability of the software platform for managing administrative policies and privileges, Policykit, is related to the lack of mechanisms for encoding or shielding output data. This allows attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the software platform for managing administrative policies and privileges related to Policykit lies in the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity,...

7.8CVSS7.2AI score0.00351EPSS
Exploits0References7Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/08 8:10 p.m.71 views

Security Bulletin: IBM Security Guardium is affected by a PolicyKit vulnerability (CVE-2021-4034)

Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2021-4034 DESCRIPTION: Polkit could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect handling of the argument vectors in the pkexec utility. By crafting...

7.8CVSS8.2AI score0.94921EPSS
Exploits151Affected Software1
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.21 views

Ubuntu: Security Advisory (USN-3717-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.7CVSS5.3AI score0.01196EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.10 views

Ubuntu: Security Advisory (USN-3861-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS8.8AI score0.11483EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.13 views

Ubuntu: Security Advisory (USN-5252-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.6AI score0.94921EPSS
Exploits151References4
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.16 views

Ubuntu: Security Advisory (USN-3934-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7CVSS7AI score0.00446EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2022/04/30 5:53 a.m.277 views

Exploit for Incorrect Authorization in Polkit_Project Polkit

PolicyKit CVE-2021-3560 Exploitation Authentication Agent ====...

7.8CVSS8.4AI score0.22193EPSS
Exploits37
GithubExploit
GithubExploit
added 2022/04/29 6:57 p.m.378 views

Exploit for Incorrect Authorization in Polkit_Project Polkit

PolicyKit CVE-2021-3560 Exploit Authentication Agent ====...

7.8CVSS8.6AI score0.22193EPSS
Exploits37
CNNVD
CNNVD
added 2022/04/29 12:0 a.m.5 views

USU Oracle Optimization 访问控制错误漏洞

USU Oracle Optimization is used to improve the performance of Oracle queries.USU Oracle Optimization versions prior to 5.17.5 have an authorization issue vulnerability that stems from a lack of Polkit authentication, which can be exploited by an attacker to achieve root user access via pkexec...

7.8CVSS5.7AI score0.00326EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/03/01 12:0 a.m.9 views

Ubuntu: Security Advisory (USN-5304-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6AI score0.0053EPSS
Exploits1References2
Rows per page
Query Builder