Vulnerabilities > Polkit Project > Polkit > 0.97
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-16 | CVE-2021-3560 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. | 7.8 |
| 2022-01-28 | CVE-2021-4034 | Out-of-bounds Write vulnerability in multiple products A local privilege escalation vulnerability was found on polkit's pkexec utility. | 7.8 |
| 2018-07-10 | CVE-2018-1116 | Missing Authorization vulnerability in multiple products A flaw was found in polkit before version 0.116. | 3.6 |
| 2015-10-26 | CVE-2015-4625 | Numeric Errors vulnerability in multiple products Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. | 4.6 |
| 2015-10-26 | CVE-2015-3256 | Permissions, Privileges, and Access Controls vulnerability in multiple products PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation." | 4.6 |
| 2015-10-26 | CVE-2015-3255 | Permissions, Privileges, and Access Controls vulnerability in Polkit Project Polkit The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. | 4.6 |
| 2015-10-26 | CVE-2015-3218 | Local Denial of Service vulnerability in polkit The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. | 2.1 |