📦

kauth

Vendor: kde

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 0 Remote Access

Total CVEs 21 Total Indexed

Avg. EPSS 1.36% Exploit Prob.

Latest CVE CVE-2019-7443 May 07

Security Vulnerability Index

Page 1 / 3

8.1 CVSS

CVE-2019-7443

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.

EPSS: 3.75%

Severity: HIGH

May 07, 2019

7.8 CVSS

CVE-2017-8422

Exploit Found

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

EPSS: 0.31%

Severity: HIGH

May 17, 2017

6.9 CVSS

CVE-2014-5033

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

EPSS: 0.03%

Severity: MEDIUM

Aug 19, 2014

Displaying 3 of 21 Total Entries

1 2 3

Total 3 Sections