rpm package
opensuse/polkit&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/polkit&distro=openSUSE%20Leap%2015.3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-4115 | — | < 0.116-3.9.1 | 0.116-3.9.1 | Feb 21, 2022 | There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and | ||
| CVE-2021-3560 | — | KEV | < 0.116-3.3.1 | 0.116-3.3.1 | Feb 16, 2022 | It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest | |
| CVE-2021-4034 | — | KEV | < 0.116-3.6.1 | 0.116-3.6.1 | Jan 28, 2022 | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the callin |
- CVE-2021-4115Feb 21, 2022affected < 0.116-3.9.1fixed 0.116-3.9.1
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and
- affected < 0.116-3.3.1fixed 0.116-3.3.1
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest
- affected < 0.116-3.6.1fixed 0.116-3.6.1
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the callin