CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2023/02/15 4:47 a.m.•2 views

SUSE CVE-2017-7572

The checkPolkitPrivilege function in serviceHelper.py in Back In Time aka backintime 1.1.18 and earlier uses a deprecated polkit authorization method unix-process that is subject to a race condition time of check, time of use. With this authorization method, the owner of a process requesting a...

8.1CVSS6.9AI score0.00647EPSS

Exploits0References3

Microsoft KB•added 2020/04/09 12:0 a.m.•78 views

Update Rollup 12 for System Center 2012 R2 Operations Manager

Update Rollup 12 for System Center 2012 R2 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 12 for Microsoft System Center 2012 R2 Operations Manager. It also contains the installation instructions for this update. Issues that are fixed in Operatio...

7.6AI score

Microsoft KB•added 2020/04/09 12:0 a.m.•98 views

Update Rollup 2 for System Center 2016 Operations Manager

Update Rollup 2 for System Center 2016 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 2 for Microsoft System Center 2016 Operations Manager. It also contains the installation instructions for this update. Issues that are fixed in this update roll...

7.1AI score

UbuntuCve•added 2019/01/26 11:29 p.m.•19 views

CVE-2019-6976

libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image...

5.3CVSS6.8AI score0.00267EPSS

Exploits0References5

Prion•added 2017/04/06 6:59 p.m.•11 views

Race condition

9.3CVSS8AI score0.00647EPSS

Exploits0References1Affected Software1

OSV•added 2017/04/06 6:59 p.m.•1 views

DEBIAN-CVE-2017-7572

8.1CVSS6.9AI score0.00647EPSS

OSV•added 2017/04/06 6:59 p.m.•0 views

UBUNTU-CVE-2017-7572

8.1CVSS5.8AI score0.00647EPSS

NVD•added 2017/04/06 6:59 p.m.•10 views

CVE-2017-7572

9.3CVSS8.1AI score0.00647EPSS

OSV•added 2013/10/03 9:55 p.m.•1 views

DEBIAN-CVE-2013-4324

4.6CVSS7AI score0.00065EPSS

OSV•added 2013/10/03 9:55 p.m.•1 views

DEBIAN-CVE-2013-4327

systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a 1 setuid process or 2 pkexec process, a related issue to CVE-2013-4288...

6.9CVSS6.6AI score0.00032EPSS

Debian CVE•added 2013/10/03 9:0 p.m.•29 views

CVE-2013-4288

Race condition in PolicyKit aka polkit allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to 1 the polkitunixprocessnew API function, 2 the dbus API, or 3 the --process...

7.2CVSS6.5AI score0.00054EPSS

RedHat Linux•added 2013/09/24 6:2 p.m.•2 views

rtkit: insecure calling of polkit

RealtimeKit aka rtkit 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a 1 setuid process or 2 pkexec process, a related issue to...

7.2CVSS6.6AI score0.00062EPSS

Tenable Nessus•added 2013/09/20 12:0 a.m.•30 views

Oracle Linux 6 : hplip (ELSA-2013-1274)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-1274 advisory. 3.12.4-4:.1 - Applied patch to avoid unix-process authorization subject when using polkit as it is racy CVE-2013-4325. Tenable has extracted the preceding...

6.9CVSS7.6AI score0.00065EPSS

RedHat Linux•added 2013/09/19 5:58 p.m.•3 views

libvirt: insecure calling of polkit

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a 1 setuid process or 2 pkexec process, a related issue to CVE-2013-4288...

7.2CVSS6.7AI score0.00054EPSS

RedHat Linux•added 2013/09/19 5:55 p.m.•2 views

polkit: unix-process subject for authorization is racy

7.2CVSS6.7AI score0.00054EPSS

Oracle linux•added 2013/09/19 12:0 a.m.•36 views

hplip security update

3.12.4-4:.1 - Applied patch to avoid unix-process authorization subject when using polkit as it is racy CVE-2013-4325...

6.9CVSS1.3AI score0.00065EPSS

OpenVAS•added 2013/01/21 12:0 a.m.•13 views

Fedora Update for pl FEDORA-2013-0178

Check for the Version of pl OpenVAS Vulnerability Test Fedora Update for pl FEDORA-2013-0178 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of the...

7.5CVSS6.4AI score0.02548EPSS

OpenVAS•added 2013/01/15 12:0 a.m.•14 views

Fedora Update for pl FEDORA-2013-0211

Check for the Version of pl OpenVAS Vulnerability Test Fedora Update for pl FEDORA-2013-0211 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of the...

7.5CVSS6.4AI score0.02548EPSS

UbuntuCve•added 2007/02/03 11:28 p.m.•18 views

CVE-2007-0474

Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4kkill."...

3.3CVSS6AI score0.00072EPSS