CVE-2021-4115 |
AVG-2654 |
Medium |
No |
Denial of service |
There is a file descriptor leak in polkit, which can enable an unprivileged user to cause polkit to crash, due to file descriptor exhaustion. |
CVE-2021-4034 |
AVG-2654 |
High |
No |
Privilege escalation |
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged... |
CVE-2021-3560 |
AVG-2028 |
Medium |
No |
Privilege escalation |
A security issue was found in polkit before version 0.119. When a requesting process disconnects from dbus-daemon just before the call to... |
CVE-2019-6133 |
AVG-897 |
High |
No |
Authentication bypass |
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions... |
CVE-2018-19788 |
AVG-828 |
High |
No |
Privilege escalation |
A security issue has been found in polkit <= 0.115, where an unprivileged user with a UID > INT_MAX can successfully execute any systemctl command. |