rpm package
suse/polkit&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3
pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3560 | — | KEV | < 0.113-5.21.1 | 0.113-5.21.1 | Feb 16, 2022 | It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest | |
| CVE-2021-4034 | — | KEV | < 0.113-5.24.1 | 0.113-5.24.1 | Jan 28, 2022 | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the callin | |
| CVE-2019-6133 | — | < 0.113-5.18.1 | 0.113-5.18.1 | Jan 11, 2019 | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. | ||
| CVE-2018-19788 | — | < 0.113-5.15.1 | 0.113-5.15.1 | Dec 3, 2018 | A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. | ||
| CVE-2018-1116 | — | < 0.113-5.9.1 | 0.113-5.9.1 | Jul 10, 2018 | A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a l |
- affected < 0.113-5.21.1fixed 0.113-5.21.1
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest
- affected < 0.113-5.24.1fixed 0.113-5.24.1
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the callin
- CVE-2019-6133Jan 11, 2019affected < 0.113-5.18.1fixed 0.113-5.18.1
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
- CVE-2018-19788Dec 3, 2018affected < 0.113-5.15.1fixed 0.113-5.15.1
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
- CVE-2018-1116Jul 10, 2018affected < 0.113-5.9.1fixed 0.113-5.9.1
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a l