Every CVE whose affected-product data names Polkit Project Polkit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2018-19788 — CVSS 8.8 (high): A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl…
CVE-2013-4288 — CVSS 7.2 (high): Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a…
CVE-2019-6133 — CVSS 6.7 (medium): In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore…
CVE-2021-4115 — CVSS 5.5 (medium): There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The…
CVE-2015-4625 — CVSS 4.6 (medium): Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain…
CVE-2015-3256 — CVSS 4.6 (medium): PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and…
CVE-2015-3255 — CVSS 4.6 (medium): The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow…
CVE-2018-1116 — CVSS 4.4 (medium): A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization…
CVE-2015-3218 — CVSS 2.1 (low): The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows…