10 matches found

NVD
added 2025/03/17 3:15 p.m., 15 views

CVE-2025-27512

Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the zincati system user to use the actions org.projectatomic.rpmostree1.deploy to deploy updates to the system and org.projectatomic.rpmostree1.finalize-deployment to reboot the system into the...

CVSS 5.9, EPSS 0.00175
Exploits 0, References 5
Github Security Blog
added 2025/03/17 2:46 p.m., 14 views

Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Impact Zincati ships a polkit rule which allows the zincati system user to use the following actions: - org.projectatomic.rpmostree1.deploy: used to deploy updates to the system - org.projectatomic.rpmostree1.finalize-deployment: used to reboot the system into the deployed update Since Zincati...

CVSS 5.9, AI score 6.1, EPSS 0.00175
Exploits 0, References 7, Affected Software 1
OSV
added 2025/03/17 2:46 p.m., 11 views

GHSA-W6FV-6GCC-X825 Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Impact Zincati ships a polkit rule which allows the zincati system user to use the following actions: - org.projectatomic.rpmostree1.deploy: used to deploy updates to the system - org.projectatomic.rpmostree1.finalize-deployment: used to reboot the system into the deployed update Since Zincati...

CVSS 5.9, AI score 6.1, EPSS 0.00175
Exploits 0, References 7
CVE
added 2025/03/17 2:46 p.m., 75 views

CVE-2025-27512

CVE-2025-27512 affects Zincati’s polkit rule for Fedora CoreOS. A logic error in Zincati v0.0.24–v0.0.29 broadens access to the actions org.projectatomic.rpmostree1.deploy and org.projectatomic.rpmostree1.finalize-deployment to any unprivileged user with system D-Bus access, allowing deployment o...

CVSS 5.9, AI score 6.7, EPSS 0.00175
Exploits 0, References 5
OSV
added 2025/03/17 2:46 p.m., 13 views

CVE-2025-27512 Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the zincati system user to use the actions org.projectatomic.rpmostree1.deploy to deploy updates to the system and org.projectatomic.rpmostree1.finalize-deployment to reboot the system into the...

CVSS 5.9, AI score 6.1, EPSS 0.00175
Exploits 0, References 7
OpenVAS
added 2018/04/25 12:0 a.m., 16 views

openSUSE: Security Advisory for PackageKit (openSUSE-SU-2018:1049-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.5, AI score 4.8, EPSS 0.00393
Exploits 0, References 2
OPENSUSE Linux
added 2018/04/24 12:6 a.m., 60 views

Security update for PackageKit (important)

This update for PackageKit fixes the following security issue: - CVE-2018-1106: Drop the polkit rule which could allow users in wheel group to install packages without root password bsc1086936. This update was imported from the SUSE:SLE-12-SP2:Update update project...

AI score 3.2, EPSS 0.00393
Exploits 0, References 1
Tenable Nessus
added 2018/04/24 12:0 a.m., 39 views

SUSE SLED12 / SLES12 Security Update : PackageKit (SUSE-SU-2018:1047-1)

CVE-2018-1106: Drop the polkit rule which could allow users in wheel group to install packages without root password bsc1086936. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean...

CVSS 5.5, AI score 5.6, EPSS 0.00393
Exploits 0, References 4
Tenable Nessus
added 2016/01/04 12:0 a.m., 23 views

GLSA-201512-12 : KDE Systemsettings: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201512-12 KDE Systemsettings: Privilege escalation KDE Systemsettings fails to properly validate user input before passing it as argument in context of higher privilege. Impact : A local attacker could gain privileges via a crafte...

CVSS 7.2, AI score 5.5, EPSS 0.00388
Exploits 0, References 2
Gentoo Linux
added 2015/12/30 12:0 a.m., 25 views

KDE Systemsettings: Privilege escalation

Background KDE workspace configuration module for setting the date and time has a helper program which runs as root for performing actions. Description KDE Systemsettings fails to properly validate user input before passing it as argument in context of higher privilege. Impact A local attacker...

CVSS 7.2, AI score 6.2, EPSS 0.00388
Exploits 0