CVE-2021-4034

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html	Third Party Advisory VDB Entry
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001	Mitigation Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2025869	Issue Tracking Patch Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf	Third Party Advisory
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Third Party Advisory
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt	Exploit Mitigation Third Party Advisory
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
https://www.starwindsoftware.com/security/sw-20220818-0001/	Third Party Advisory
https://www.suse.com/support/kb/doc/?id=000020564	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:::::::*
	cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:21.10:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:suse:enterprise_storage:7.0:::::::*
	cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:::-:::*
	cpe:2.3:a:suse:manager_proxy:4.1:::::::*
	cpe:2.3:a:suse:manager_server:4.1:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_server:15:sp2::::-::*
	cpe:2.3:o:suse:linux_enterprise_server:15:sp2::::sap::*
	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5::::::

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

Configuration 6 (hide)

cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

Configuration 8 (hide)

OR	cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871::::::
	cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:::::::*
	cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338::::::

History

18 Oct 2023, 01:15

Type	Values Removed	Values Added
References		(MISC) https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/ -

11 Sep 2023, 19:45

Type	Values Removed	Values Added
CWE		CWE-125

13 Feb 2023, 21:15

Type	Values Removed	Values Added
References	~~{'url': 'https://access.redhat.com/errata/RHSA-2022:0273', 'name': 'https://access.redhat.com/errata/RHSA-2022:0273', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2022:0270', 'name': 'https://access.redhat.com/errata/RHSA-2022:0270', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2022:0443', 'name': 'https://access.redhat.com/errata/RHSA-2022:0443', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2022:0267', 'name': 'https://access.redhat.com/errata/RHSA-2022:0267', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2022:0540', 'name': 'https://access.redhat.com/errata/RHSA-2022:0540', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2022:0266', 'name': 'https://access.redhat.com/errata/RHSA-2022:0266', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/security/cve/CVE-2021-4034', 'name': 'https://access.redhat.com/security/cve/CVE-2021-4034', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2022:0272', 'name': 'https://access.redhat.com/errata/RHSA-2022:0272', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2022:0268', 'name': 'https://access.redhat.com/errata/RHSA-2022:0268', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2022:0271', 'name': 'https://access.redhat.com/errata/RHSA-2022:0271', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2022:0274', 'name': 'https://access.redhat.com/errata/RHSA-2022:0274', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2022:0265', 'name': 'https://access.redhat.com/errata/RHSA-2022:0265', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2022:0269', 'name': 'https://access.redhat.com/errata/RHSA-2022:0269', 'tags': [], 'refsource': 'MISC'}~~
Summary	~~CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector~~	A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

02 Feb 2023, 21:21

Type	Values Removed	Values Added
References		(MISC) https://access.redhat.com/errata/RHSA-2022:0273 - (MISC) https://access.redhat.com/errata/RHSA-2022:0270 - (MISC) https://access.redhat.com/errata/RHSA-2022:0443 - (MISC) https://access.redhat.com/errata/RHSA-2022:0267 - (MISC) https://access.redhat.com/errata/RHSA-2022:0540 - (MISC) https://access.redhat.com/errata/RHSA-2022:0266 - (MISC) https://access.redhat.com/security/cve/CVE-2021-4034 - (MISC) https://access.redhat.com/errata/RHSA-2022:0272 - (MISC) https://access.redhat.com/errata/RHSA-2022:0268 - (MISC) https://access.redhat.com/errata/RHSA-2022:0271 - (MISC) https://access.redhat.com/errata/RHSA-2022:0274 - (MISC) https://access.redhat.com/errata/RHSA-2022:0265 - (MISC) https://access.redhat.com/errata/RHSA-2022:0269 -
Summary	A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.	CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

25 Oct 2022, 16:59

Type	Values Removed	Values Added
CPE		cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:::::::* cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:::::: cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871::::::
First Time		Starwindsoftware starwind Hyperconverged Appliance Starwindsoftware command Center Starwindsoftware starwind Virtual San Starwindsoftware
References	~~(MISC) https://www.starwindsoftware.com/security/sw-20220818-0001/ -~~	(MISC) https://www.starwindsoftware.com/security/sw-20220818-0001/ - Third Party Advisory

11 Oct 2022, 23:15

Type	Values Removed	Values Added
References		(MISC) https://www.starwindsoftware.com/security/sw-20220818-0001/ -

05 Oct 2022, 16:32

Type	Values Removed	Values Added
CPE		cpe:2.3:o:siemens:scalance_lpe9403_firmware:::::::: cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::* cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::* cpe:2.3:h:siemens:scalance_lpe9403:-:::::::* cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::* cpe:2.3:a:siemens:sinumerik_edge::::::::
First Time		Oracle http Server Siemens scalance Lpe9403 Siemens sinumerik Edge Oracle zfs Storage Appliance Kit Siemens scalance Lpe9403 Firmware Oracle Siemens
References	~~(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf -~~	(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf - Third Party Advisory
References	~~(MISC) http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html - Third Party Advisory~~	(MISC) http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html - Third Party Advisory, VDB Entry
References	~~(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Third Party Advisory

14 Jun 2022, 10:15

Type	Values Removed	Values Added
References		(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf -

20 Apr 2022, 00:16

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

18 Apr 2022, 09:58

Type	Values Removed	Values Added
First Time		Suse linux Enterprise Desktop Suse manager Proxy Suse linux Enterprise Workstation Extension Suse Suse manager Server Suse enterprise Storage Suse linux Enterprise Server Suse linux Enterprise High Performance Computing
CPE		cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:::-:::* cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:::::: cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:::::: cpe:2.3:a:suse:manager_proxy:4.1:::::::* cpe:2.3:a:suse:enterprise_storage:7.0:::::::* cpe:2.3:o:suse:linux_enterprise_server:15:sp2::::-::* cpe:2.3:a:suse:manager_server:4.1:::::::* cpe:2.3:o:suse:linux_enterprise_server:15:sp2::::sap::*
References	~~(MISC) http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html -~~	(MISC) http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html - Third Party Advisory
References	~~(MISC) https://www.suse.com/support/kb/doc/?id=000020564 -~~	(MISC) https://www.suse.com/support/kb/doc/?id=000020564 - Third Party Advisory
References	~~(MISC) http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html -~~	(MISC) http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry

14 Apr 2022, 15:15

Type	Values Removed	Values Added
References		(MISC) https://www.suse.com/support/kb/doc/?id=000020564 -

04 Mar 2022, 19:15

Type	Values Removed	Values Added
References		(MISC) http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html -

03 Mar 2022, 19:15

Type	Values Removed	Values Added
References		(MISC) http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html -

31 Jan 2022, 17:50

Type	Values Removed	Values Added
First Time		Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux Desktop Redhat enterprise Linux Server Redhat enterprise Linux Eus Redhat enterprise Linux Server Tus Canonical ubuntu Linux Redhat enterprise Linux Server Aus Redhat enterprise Linux For Power Little Endian Eus Canonical Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Scientific Computing Redhat enterprise Linux For Power Big Endian Redhat enterprise Linux Server Update Services For Sap Solutions Polkit Project polkit Redhat enterprise Linux Workstation Polkit Project Redhat enterprise Linux Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux Server Eus Redhat
References	~~(MISC) https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt -~~	(MISC) https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt - Exploit, Mitigation, Third Party Advisory
References	~~(MISC) https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 -~~	(MISC) https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 - Mitigation, Vendor Advisory
References	~~(MISC) https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 -~~	(MISC) https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 - Patch, Third Party Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2025869 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2025869 - Issue Tracking, Patch, Vendor Advisory
CWE		CWE-787
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 7.8
CPE		cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:::::::* cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:::::::* cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts::: cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::* cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm::: cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:::::::* cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts::: cpe:2.3:a:polkit_project:polkit:::::::: cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::* cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm::: cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:21.10:::::::* cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*

28 Jan 2022, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-01-28 20:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-4034

Mitre link : CVE-2021-4034

CVE.ORG link : CVE-2021-4034

JSON object : View

Products Affected

redhat

enterprise_linux_server_aus
enterprise_linux_server_tus
enterprise_linux_eus
enterprise_linux_for_ibm_z_systems
enterprise_linux_for_power_little_endian_eus
enterprise_linux_for_scientific_computing
enterprise_linux_server_eus
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_for_power_little_endian
enterprise_linux_for_power_big_endian
enterprise_linux_desktop
enterprise_linux
enterprise_linux_server_update_services_for_sap_solutions

oracle

http_server
zfs_storage_appliance_kit

suse

linux_enterprise_high_performance_computing
enterprise_storage
linux_enterprise_desktop
linux_enterprise_server
manager_server
linux_enterprise_workstation_extension
manager_proxy

siemens

scalance_lpe9403_firmware
scalance_lpe9403
sinumerik_edge

starwindsoftware

starwind_virtual_san
starwind_hyperconverged_appliance
command_center

polkit_project

polkit

canonical

ubuntu_linux

CWE

CWE-125

Out-of-bounds Read

CWE-787

Out-of-bounds Write

7.8 /10