Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-fwr3-kw1f-bbbp

Summary polkit is vulnerable to local privilege escalation.

Aliases

alias	CVE-2015-3255

Fixed_packages

url	pkg:deb/debian/policykit-1@0.105-12?distro=trixie
purl	pkg:deb/debian/policykit-1@0.105-12?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.105-12%3Fdistro=trixie

url pkg:deb/debian/policykit-1@0.105-15~deb8u2

purl pkg:deb/debian/policykit-1@0.105-15~deb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2uwh-8f3g-6kc4

vulnerability	VCID-66y9-wrsz-gud9

vulnerability	VCID-d7rm-by3r-v3h3

vulnerability	VCID-mmjs-fy7f-fkbt

vulnerability	VCID-yee7-fp2m-r7eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.105-15~deb8u2

url pkg:deb/debian/policykit-1@0.105-31%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/policykit-1@0.105-31%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5y4d-ph3y-5qgd

vulnerability	VCID-f2ed-c3rs-yqgz

vulnerability	VCID-hxfb-cmwp-j7c4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.105-31%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/policykit-1@122-3?distro=trixie

purl pkg:deb/debian/policykit-1@122-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5y4d-ph3y-5qgd

vulnerability	VCID-hxfb-cmwp-j7c4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@122-3%3Fdistro=trixie

url pkg:deb/debian/policykit-1@126-2?distro=trixie

purl pkg:deb/debian/policykit-1@126-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5y4d-ph3y-5qgd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@126-2%3Fdistro=trixie

url	pkg:deb/debian/policykit-1@127-2?distro=trixie
purl	pkg:deb/debian/policykit-1@127-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@127-2%3Fdistro=trixie

url	pkg:ebuild/sys-auth/polkit@0.113
purl	pkg:ebuild/sys-auth/polkit@0.113
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/sys-auth/polkit@0.113

Affected_packages

url pkg:deb/debian/policykit-1@0.96-4%2Bsqueeze2

purl pkg:deb/debian/policykit-1@0.96-4%2Bsqueeze2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2uwh-8f3g-6kc4

vulnerability	VCID-3h84-z3yw-uydr

vulnerability	VCID-66y9-wrsz-gud9

vulnerability	VCID-6s5p-ucft-ukad

vulnerability	VCID-97e5-xezy-wbf6

vulnerability	VCID-d7rm-by3r-v3h3

vulnerability	VCID-dn8s-xk69-qugj

vulnerability	VCID-fqxp-t48y-1khf

vulnerability	VCID-fwr3-kw1f-bbbp

vulnerability	VCID-mmjs-fy7f-fkbt

vulnerability	VCID-yee7-fp2m-r7eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.96-4%252Bsqueeze2

url pkg:deb/debian/policykit-1@0.105-3

purl pkg:deb/debian/policykit-1@0.105-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2uwh-8f3g-6kc4

vulnerability	VCID-66y9-wrsz-gud9

vulnerability	VCID-6s5p-ucft-ukad

vulnerability	VCID-97e5-xezy-wbf6

vulnerability	VCID-d7rm-by3r-v3h3

vulnerability	VCID-fqxp-t48y-1khf

vulnerability	VCID-fwr3-kw1f-bbbp

vulnerability	VCID-mmjs-fy7f-fkbt

vulnerability	VCID-yee7-fp2m-r7eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.105-3

url pkg:deb/debian/policykit-1@0.105-8

purl pkg:deb/debian/policykit-1@0.105-8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2uwh-8f3g-6kc4

vulnerability	VCID-66y9-wrsz-gud9

vulnerability	VCID-6s5p-ucft-ukad

vulnerability	VCID-d7rm-by3r-v3h3

vulnerability	VCID-fqxp-t48y-1khf

vulnerability	VCID-fwr3-kw1f-bbbp

vulnerability	VCID-mmjs-fy7f-fkbt

vulnerability	VCID-yee7-fp2m-r7eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.105-8

References

reference_url	http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
reference_id
reference_type
scores
url	http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3255.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3255.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3255

reference_id

reference_type

scores

value	0.00106
scoring_system	epss
scoring_elements	0.28585
published_at	2026-04-21T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28685
published_at	2026-04-01T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28767
published_at	2026-04-02T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28815
published_at	2026-04-04T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28622
published_at	2026-04-07T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28687
published_at	2026-04-12T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28726
published_at	2026-04-09T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28731
published_at	2026-04-11T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28639
published_at	2026-04-13T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28658
published_at	2026-04-16T12:55:00Z

value	0.00106
scoring_system	epss
scoring_elements	0.28634
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3255

reference_url	https://bugs.freedesktop.org/show_bug.cgi?id=83590
reference_id
reference_type
scores
url	https://bugs.freedesktop.org/show_bug.cgi?id=83590

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3255
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3255

reference_url	http://www.securitytracker.com/id/1035023
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035023

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1245673
reference_id	1245673
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1245673

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796134
reference_id	796134
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796134

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polkit_project:polkit::::::::
reference_id	cpe:2.3:a:polkit_project:polkit::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polkit_project:polkit::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3255

reference_id

CVE-2015-3255

reference_type

scores

value	4.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3255

reference_url	https://security.gentoo.org/glsa/201611-07
reference_id	GLSA-201611-07
reference_type
scores
url	https://security.gentoo.org/glsa/201611-07

reference_url	https://usn.ubuntu.com/3717-1/
reference_id	USN-3717-1
reference_type
scores
url	https://usn.ubuntu.com/3717-1/

reference_url	https://usn.ubuntu.com/3717-2/
reference_id	USN-3717-2
reference_type
scores
url	https://usn.ubuntu.com/3717-2/

Weaknesses

cwe_id	264
name	Permissions, Privileges, and Access Controls
description	Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Exploits

Severity_range_score 4.6 - 4.6

Exploitability 0.5

Weighted_severity 4.1

Risk_score 2.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwr3-kw1f-bbbp

Vulnerability Instance