Polkit@* Security Vulnerabilities and Issues — Polkit@* CVE List

Lucene search

Polkit ProjectPolkit*

8 matches found

CVE•added 2022/01/28 8:15 p.m.•2107 views

CVE-2021-4034

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count ...

7.8CVSS8.5AI score0.86708EPSS

In wild

CVE•added 2022/02/16 7:15 p.m.•1057 views

CVE-2021-3560

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vu...

7.8CVSS6.1AI score0.08682EPSS

In wildWeb

CVE•added 2018/07/10 7:29 p.m.•244 views

CVE-2018-1116

A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and inform...

4.7CVSS4.5AI score0.00048EPSS

CVE•added 2015/10/26 7:59 p.m.•111 views

CVE-2015-3256

PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."

4.6CVSS6.5AI score0.00077EPSS

CVE•added 2015/10/26 7:59 p.m.•100 views

CVE-2015-3255

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.

4.6CVSS4.5AI score0.00106EPSS

CVE•added 2013/10/03 9:55 p.m.•79 views

CVE-2013-4288

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --proce...

7.2CVSS6.4AI score0.00033EPSS

CVE•added 2015/10/26 7:59 p.m.•59 views

CVE-2015-4625

Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.

4.6CVSS4.7AI score0.00105EPSS

CVE•added 2015/10/26 7:59 p.m.•56 views

CVE-2015-3218

The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.

2.1CVSS4.3AI score0.00133EPSS