Lucene search

K

4 matches found

CVE
CVE
added 2022/01/28 8:15 p.m.2124 views

CVE-2021-4034

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count ...

7.8CVSS8.5AI score0.87723EPSS
In wild
CVE
CVE
added 2022/02/16 7:15 p.m.1065 views

CVE-2021-3560

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vu...

7.8CVSS6.1AI score0.08682EPSS
In wildWeb
CVE
CVE
added 2018/07/10 7:29 p.m.248 views

CVE-2018-1116

A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and inform...

4.7CVSS4.5AI score0.00048EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.82 views

CVE-2013-4288

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --proce...

7.2CVSS6.4AI score0.00033EPSS