CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-8885

screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.1%

CVSS Severity

CVSS v3 Score 7.0

CVSS v2 Score 4.4

References

https://usn.ubuntu.com/3607-1/
https://usn.ubuntu.com/3607-1/

Products affected by CVE-2018-8885

Canonical » Screen-Resolution-Extra » Version: 0.17.2

cpe:2.3:a:canonical:screen-resolution-extra:0.17.2
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04
Canonical » Ubuntu Linux » Version: 17.10

cpe:2.3:o:canonical:ubuntu_linux:17.10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-8885

Products

Pricing

Contact Us