10 matches found
CVE-2025-27512
Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the zincati system user to use the actions org.projectatomic.rpmostree1.deploy to deploy updates to the system and org.projectatomic.rpmostree1.finalize-deployment to reboot the system into the...
Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods
Impact Zincati ships a polkit rule which allows the zincati system user to use the following actions: - org.projectatomic.rpmostree1.deploy: used to deploy updates to the system - org.projectatomic.rpmostree1.finalize-deployment: used to reboot the system into the deployed update Since Zincati...
GHSA-W6FV-6GCC-X825 Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods
Impact Zincati ships a polkit rule which allows the zincati system user to use the following actions: - org.projectatomic.rpmostree1.deploy: used to deploy updates to the system - org.projectatomic.rpmostree1.finalize-deployment: used to reboot the system into the deployed update Since Zincati...
CVE-2025-27512
CVE-2025-27512 affects Zincati’s polkit rule for Fedora CoreOS. A logic error in Zincati v0.0.24–v0.0.29 broadens access to the actions org.projectatomic.rpmostree1.deploy and org.projectatomic.rpmostree1.finalize-deployment to any unprivileged user with system D-Bus access, allowing deployment o...
CVE-2025-27512 Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods
Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the zincati system user to use the actions org.projectatomic.rpmostree1.deploy to deploy updates to the system and org.projectatomic.rpmostree1.finalize-deployment to reboot the system into the...
openSUSE: Security Advisory for PackageKit (openSUSE-SU-2018:1049-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for PackageKit (important)
This update for PackageKit fixes the following security issue: - CVE-2018-1106: Drop the polkit rule which could allow users in wheel group to install packages without root password bsc1086936. This update was imported from the SUSE:SLE-12-SP2:Update update project...
SUSE SLED12 / SLES12 Security Update : PackageKit (SUSE-SU-2018:1047-1)
CVE-2018-1106: Drop the polkit rule which could allow users in wheel group to install packages without root password bsc1086936. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean...
GLSA-201512-12 : KDE Systemsettings: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201512-12 KDE Systemsettings: Privilege escalation KDE Systemsettings fails to properly validate user input before passing it as argument in context of higher privilege. Impact : A local attacker could gain privileges via a crafte...
KDE Systemsettings: Privilege escalation
Background KDE workspace configuration module for setting the date and time has a helper program which runs as root for performing actions. Description KDE Systemsettings fails to properly validate user input before passing it as argument in context of higher privilege. Impact A local attacker...