Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6s5p-ucft-ukad

Summary polkit: potential information disclosure vulnerability due to cookie counter wrapping

Aliases

alias	CVE-2015-4625

Fixed_packages

url	pkg:deb/debian/policykit-1@0.105-12?distro=trixie
purl	pkg:deb/debian/policykit-1@0.105-12?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.105-12%3Fdistro=trixie

url pkg:deb/debian/policykit-1@0.105-15~deb8u2

purl pkg:deb/debian/policykit-1@0.105-15~deb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2uwh-8f3g-6kc4

vulnerability	VCID-66y9-wrsz-gud9

vulnerability	VCID-d7rm-by3r-v3h3

vulnerability	VCID-mmjs-fy7f-fkbt

vulnerability	VCID-yee7-fp2m-r7eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.105-15~deb8u2

url pkg:deb/debian/policykit-1@0.105-31%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/policykit-1@0.105-31%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5y4d-ph3y-5qgd

vulnerability	VCID-f2ed-c3rs-yqgz

vulnerability	VCID-hxfb-cmwp-j7c4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.105-31%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/policykit-1@122-3?distro=trixie

purl pkg:deb/debian/policykit-1@122-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5y4d-ph3y-5qgd

vulnerability	VCID-hxfb-cmwp-j7c4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@122-3%3Fdistro=trixie

url pkg:deb/debian/policykit-1@126-2?distro=trixie

purl pkg:deb/debian/policykit-1@126-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5y4d-ph3y-5qgd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@126-2%3Fdistro=trixie

url	pkg:deb/debian/policykit-1@127-2?distro=trixie
purl	pkg:deb/debian/policykit-1@127-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@127-2%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/policykit-1@0.96-4%2Bsqueeze2

purl pkg:deb/debian/policykit-1@0.96-4%2Bsqueeze2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2uwh-8f3g-6kc4

vulnerability	VCID-3h84-z3yw-uydr

vulnerability	VCID-66y9-wrsz-gud9

vulnerability	VCID-6s5p-ucft-ukad

vulnerability	VCID-97e5-xezy-wbf6

vulnerability	VCID-d7rm-by3r-v3h3

vulnerability	VCID-dn8s-xk69-qugj

vulnerability	VCID-fqxp-t48y-1khf

vulnerability	VCID-fwr3-kw1f-bbbp

vulnerability	VCID-mmjs-fy7f-fkbt

vulnerability	VCID-yee7-fp2m-r7eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.96-4%252Bsqueeze2

url pkg:deb/debian/policykit-1@0.105-3

purl pkg:deb/debian/policykit-1@0.105-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2uwh-8f3g-6kc4

vulnerability	VCID-66y9-wrsz-gud9

vulnerability	VCID-6s5p-ucft-ukad

vulnerability	VCID-97e5-xezy-wbf6

vulnerability	VCID-d7rm-by3r-v3h3

vulnerability	VCID-fqxp-t48y-1khf

vulnerability	VCID-fwr3-kw1f-bbbp

vulnerability	VCID-mmjs-fy7f-fkbt

vulnerability	VCID-yee7-fp2m-r7eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.105-3

url pkg:deb/debian/policykit-1@0.105-8

purl pkg:deb/debian/policykit-1@0.105-8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2uwh-8f3g-6kc4

vulnerability	VCID-66y9-wrsz-gud9

vulnerability	VCID-6s5p-ucft-ukad

vulnerability	VCID-d7rm-by3r-v3h3

vulnerability	VCID-fqxp-t48y-1khf

vulnerability	VCID-fwr3-kw1f-bbbp

vulnerability	VCID-mmjs-fy7f-fkbt

vulnerability	VCID-yee7-fp2m-r7eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.105-8

References

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html

reference_url	http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
reference_id
reference_type
scores
url	http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html

reference_url	http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html
reference_id
reference_type
scores
url	http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html

reference_url	http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html
reference_id
reference_type
scores
url	http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4625.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4625.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-4625

reference_id

reference_type

scores

value	0.00105
scoring_system	epss
scoring_elements	0.28475
published_at	2026-04-21T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28575
published_at	2026-04-01T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28662
published_at	2026-04-02T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28708
published_at	2026-04-04T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28513
published_at	2026-04-07T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28578
published_at	2026-04-08T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28618
published_at	2026-04-09T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.2862
published_at	2026-04-11T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28577
published_at	2026-04-12T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28528
published_at	2026-04-13T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28548
published_at	2026-04-16T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28523
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-4625

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4625
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4625

reference_url	http://www.openwall.com/lists/oss-security/2015/06/08/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/06/08/3

reference_url	http://www.openwall.com/lists/oss-security/2015/06/09/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/06/09/1

reference_url	http://www.openwall.com/lists/oss-security/2015/06/16/21
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/06/16/21

reference_url	http://www.securityfocus.com/bid/75267
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/75267

reference_url	http://www.securitytracker.com/id/1035023
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035023

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1233808
reference_id	1233808
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1233808

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796134
reference_id	796134
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796134

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polkit_project:polkit::::::::
reference_id	cpe:2.3:a:polkit_project:polkit::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polkit_project:polkit::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-4625

reference_id

CVE-2015-4625

reference_type

scores

value	4.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2015-4625

reference_url	https://usn.ubuntu.com/3717-1/
reference_id	USN-3717-1
reference_type
scores
url	https://usn.ubuntu.com/3717-1/

Weaknesses

cwe_id	190
name	Integer Overflow or Wraparound
description	The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

cwe_id	189
name	Numeric Errors
description	Weaknesses in this category are related to improper calculation or conversion of numbers.

Exploits

Severity_range_score 4.6 - 4.6

Exploitability 0.5

Weighted_severity 4.1

Risk_score 2.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6s5p-ucft-ukad

Vulnerability Instance