479 matches found
SUSE CVE-2011-1485
Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID...
SUSE CVE-2011-2176
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors...
SUSE CVE-2011-3364
Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute...
SUSE CVE-2011-4945
PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication...
SUSE CVE-2013-4288
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process...
SUSE CVE-2013-4394
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors...
SUSE CVE-2015-3255
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions...
SUSE CVE-2015-4625
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value...
SUSE CVE-2018-19788
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command...
SUSE CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c...
The vulnerability of the software platform for managing administrative policies and privileges, Policykit, is related to the lack of mechanisms for encoding or shielding output data. This allows attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the software platform for managing administrative policies and privileges related to Policykit lies in the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity,...
Security Bulletin: IBM Security Guardium is affected by a PolicyKit vulnerability (CVE-2021-4034)
Summary: IBM Security Guardium has fixed this vulnerability. Vulnerability Details: CVEID: CVE-2021-4034. DESCRIPTION: Polkit could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect handling of the argument vectors in the pkexec utility. By crafting...
Ubuntu: Security Advisory (USN-3717-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Ubuntu: Security Advisory (USN-3861-2)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-5252-2)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-3934-2)
The remote host is missing an update for the...
Exploit for Incorrect Authorization in Polkit_Project Polkit
PolicyKit CVE-2021-3560 Exploitation Authentication Agent ====...
Exploit for Incorrect Authorization in Polkit_Project Polkit
PolicyKit CVE-2021-3560 Exploit Authentication Agent ====...
USU Oracle Optimization Access Control Error Vulnerability
USU Oracle Optimization is used to improve the performance of Oracle queries. USU Oracle Optimization versions prior to 5.17.5 have an authorization issue vulnerability that stems from a lack of Polkit authentication, which can be exploited by an attacker to achieve root user access via pkexec...
Ubuntu: Security Advisory (USN-5304-1)
The remote host is missing an update for the...