Vulnerabilities (CVE)

Filtered by vendor Polkit Project Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2013-4288	4 Canonical, Opensuse, Polkit Project and 1 more	4 Ubuntu Linux, Opensuse, Polkit and 1 more	2020-11-16	7.2 HIGH	N/A
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.
CVE-2015-3256	2 Opensuse, Polkit Project	2 Opensuse, Polkit	2018-10-30	4.6 MEDIUM	N/A
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
CVE-2015-4625	3 Fedoraproject, Opensuse, Polkit Project	3 Fedora, Opensuse, Polkit	2018-10-30	4.6 MEDIUM	N/A
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
CVE-2015-3255	1 Polkit Project	1 Polkit	2018-07-28	4.6 MEDIUM	N/A
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
CVE-2015-3218	1 Polkit Project	1 Polkit	2018-07-18	2.1 LOW	N/A
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.