8 matches found
EulerOS 2.0 SP11 : udisks2 (EulerOS-SA-2025-2249)
According to the versions of the udisks2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...
VulnCheck KEV: CVE-2025-6019
A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...
EulerOS 2.0 SP12 : libblockdev (EulerOS-SA-2025-2045)
According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...
EulerOS 2.0 SP10 : udisks2 (EulerOS-SA-2025-2089)
According to the versions of the udisks2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...
CVE-2025-6019
CVE-2025-6019 is a local privilege escalation in libblockdev that leverages the interaction with the udisks daemon and the Polkit “allow_active” setting to allow a physically present user to escalate to root. The issue arises when an attacker crafts an XFS image containing a SUID-root shell and m...
EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-1599)
According to the version of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - systemd: Spoofing of XDGSEAT allows for actions to be checked against 'allowactive' instead of 'allowany'.CVE-2019-3842 Note that Tenable Network...
EulerOS 2.0 SP2 : systemd (EulerOS-SA-2019-1344)
According to the version of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - systemd: Spoofing of XDGSEAT allows for actions to be checked against 'allowactive' instead of 'allowany'.CVE-2019-3842 Note that Tenable Network...
DEBIAN-CVE-2019-3842
In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...