Policykit
by Xorg
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19788 | | | 0.05 | — | 0.11 | | Dec 3, 2018 | A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. |
| CVE-2015-3255 | | | 0.00 | — | 0.00 | | Oct 26, 2015 | The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. |
| CVE-2011-4945 | | | 0.00 | — | 0.00 | | Oct 1, 2012 | PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication. |
| CVE-2010-0750 | | | 0.00 | — | 0.00 | | Apr 6, 2010 | pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument. |
| CVE-2008-1658 | | | 0.00 | — | 0.01 | | Apr 11, 2008 | Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password. |