19 matches found
EUVD-2017-16577
Malware in sbrugna...
NetworkManager-libreswan: Local privilege escalation via leftupdown
A flaw was found in the libreswan client plugin for NetworkManager NetkworkManager-libreswan, where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading t...
Exploit for Incorrect Authorization in Polkit_Project Polkit
CVE-2021-3560 Polkit Instant Root Exploit You can run one com...
Mageia: Security Advisory (MGASA-2018-0414)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 31 : systemd (2019-d5bd5f0aa4)
Update to latest release - Emission of Session property-changed notifications from logind is fixed this was breaking the switching of sessions to and from gnome. - Security issue: unprivileged users were allowed to change DNS servers configured in systemd-resolved. Now proper polkit authorization...
OPENSUSE-SU-2019:1246-1 Security update for blueman
This update for blueman fixes the following issues: The following security issue was addressed: - Fixed the polkit authorization checks in blueman, which previously allowed any user with access to the D-Bus system bus to trigger certain network configuration logic in blueman without authenticatio...
Security update for blueman (moderate)
openSUSE Security Update: Security update for blueman Announcement ID: openSUSE-SU-2019:1246-1 Rating: moderate References: 1083066 Affected Products: openSUSE Backports SLE-15 An update that contains security fixes can now be installed. Description: This update for blueman fixes the following...
openSUSE Security Update : blueman (openSUSE-2019-592)
This update for blueman fixes the following issues : The following security issue was addressed : - Fixed the polkit authorization checks in blueman, which previously allowed any user with access to the D-Bus system bus to trigger certain network configuration logic in blueman without...
OPENSUSE-SU-2019:1050-1 Security update for blueman
This update for blueman fixes the following issues: The following security issue was addressed: - Fixed the polkit authorization checks in blueman, which previously allowed any user with access to the D-Bus system bus to trigger certain network configuration logic in blueman without authenticatio...
Security update for blueman (moderate)
openSUSE Security Update: Security update for blueman Announcement ID: openSUSE-SU-2019:1050-1 Rating: moderate References: 1083066 Affected Products: openSUSE Backports SLE-15 An update that contains security fixes can now be installed. Description: This update for blueman fixes the following...
MGASA-2018-0414 Updated blueman packages fix security vulnerability
Flawed polkit authorization checks in blueman allowed any user with access to the D-Bus system bus to trigger certain network configuration logic in blueman without authentication boo1083066...
Updated blueman packages fix security vulnerability
Flawed polkit authorization checks in blueman allowed any user with access to the D-Bus system bus to trigger certain network configuration logic in blueman without authentication boo1083066...
openSUSE Security Update : blueman (openSUSE-2018-855)
This update for blueman fixes the following issues : The following security issue was addressed : - Fixed the polkit authorization checks in blueman, which previously allowed any user with access to the D-Bus system bus to trigger certain network configuration logic in blueman without...
MGASA-2017-0218 Updated cinnamon-settings-daemon packages fix security vulnerability
It was found that csd-datetime-setting SetDate DBUS function does not check the polkit authorization for the caller, Unlike SetTime...
Race condition
The checkPolkitPrivilege function in serviceHelper.py in Back In Time aka backintime 1.1.18 and earlier uses a deprecated polkit authorization method unix-process that is subject to a race condition time of check, time of use. With this authorization method, the owner of a process requesting a...
CVE-2017-7572
The checkPolkitPrivilege function in serviceHelper.py in Back In Time aka backintime 1.1.18 and earlier uses a deprecated polkit authorization method unix-process that is subject to a race condition time of check, time of use. With this authorization method, the owner of a process requesting a...
CVE-2017-7572
CVE-2017-7572 affects Back In Time (backintime) up to version 1.1.18, where _checkPolkitPrivilege in serviceHelper.py uses a deprecated polkit method (unix-process) vulnerable to a race condition via /proc//status, enabling privilege elevation given the timing of check/use. Public patching update...
CVE-2017-7572
The checkPolkitPrivilege function in serviceHelper.py in Back In Time aka backintime 1.1.18 and earlier uses a deprecated polkit authorization method unix-process that is subject to a race condition time of check, time of use. With this authorization method, the owner of a process requesting a...
Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation
Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation setroubleshoot tries to find out which rpm a particular file belongs to when it finds SELinux access violation reports. The idea is probably to have convenient reports for the admin which type enforcement rules have to be relaxed...