VYPR
Vendor

Polkit Org

Products
2
CVEs
9
Across products
9
Status
Private

Products

2

Recent CVEs

9
  • CVE-2025-14338HigJan 14, 2026
    risk 0.55cvss epss 0.00

    Polkit authentication dis isabled by default and a race condition in the Polkit authorization check in versions before v0.69.0 can lead to the same issues as in CVE-2025-66005.

  • CVE-2021-3560KEVFeb 16, 2022
    risk 0.16cvss epss 0.22

    It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest…

  • CVE-2025-7519Jul 14, 2025
    risk 0.00cvss epss 0.00

    A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a…

  • CVE-2021-4115Feb 21, 2022
    risk 0.00cvss epss 0.01

    There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and…

  • CVE-2019-6133Jan 11, 2019
    risk 0.00cvss epss 0.00

    In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

  • CVE-2018-1116MedJul 10, 2018
    risk 0.00cvss 4.4epss 0.01

    A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a…

  • CVE-2015-3256Oct 26, 2015
    risk 0.00cvss epss 0.00

    PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."

  • CVE-2015-3218Oct 26, 2015
    risk 0.00cvss epss 0.00

    The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an…

  • CVE-2013-4288Oct 3, 2013
    risk 0.00cvss epss 0.00

    Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus…