{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45650?format=json","vulnerability_id":"VCID-97e5-xezy-wbf6","summary":"A race condition in polkit could allow a local attacker to gain\n    escalated privileges.","aliases":[{"alias":"CVE-2013-4288"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/935561?format=json","purl":"pkg:deb/debian/policykit-1@0.105-3%2Bnmu1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.105-3%252Bnmu1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1037137?format=json","purl":"pkg:deb/debian/policykit-1@0.105-8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uwh-8f3g-6kc4"},{"vulnerability":"VCID-66y9-wrsz-gud9"},{"vulnerability":"VCID-6s5p-ucft-ukad"},{"vulnerability":"VCID-d7rm-by3r-v3h3"},{"vulnerability":"VCID-eqar-k6xk-1ufh"},{"vulnerability":"VCID-f2ed-c3rs-yqgz"},{"vulnerability":"VCID-fqxp-t48y-1khf"},{"vulnerability":"VCID-fwr3-kw1f-bbbp"},{"vulnerability":"VCID-mmjs-fy7f-fkbt"},{"vulnerability":"VCID-yee7-fp2m-r7eg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.105-8"},{"url":"http://public2.vulnerablecode.io/api/packages/935555?format=json","purl":"pkg:deb/debian/policykit-1@0.105-31%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5y4d-ph3y-5qgd"},{"vulnerability":"VCID-eqar-k6xk-1ufh"},{"vulnerability":"VCID-f2ed-c3rs-yqgz"},{"vulnerability":"VCID-hxfb-cmwp-j7c4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.105-31%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935553?format=json","purl":"pkg:deb/debian/policykit-1@122-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5y4d-ph3y-5qgd"},{"vulnerability":"VCID-eqar-k6xk-1ufh"},{"vulnerability":"VCID-hxfb-cmwp-j7c4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@122-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935557?format=json","purl":"pkg:deb/debian/policykit-1@126-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5y4d-ph3y-5qgd"},{"vulnerability":"VCID-eqar-k6xk-1ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@126-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/935556?format=json","purl":"pkg:deb/debian/policykit-1@127-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eqar-k6xk-1ufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@127-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081561?format=json","purl":"pkg:deb/debian/policykit-1@127-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@127-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/76590?format=json","purl":"pkg:ebuild/app-emulation/libvirt@0.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/76591?format=json","purl":"pkg:ebuild/app-emulation/libvirt@1.1.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@1.1.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/76592?format=json","purl":"pkg:ebuild/app-emulation/libvirt@3.14.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@3.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/76593?format=json","purl":"pkg:ebuild/app-emulation/libvirt@204-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-emulation/libvirt@204-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/76583?format=json","purl":"pkg:ebuild/net-misc/spice-gtk@0.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/spice-gtk@0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/76584?format=json","purl":"pkg:ebuild/net-misc/spice-gtk@3.14.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/spice-gtk@3.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/76582?format=json","purl":"pkg:ebuild/net-print/hplip@3.14.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-print/hplip@3.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/76586?format=json","purl":"pkg:ebuild/sys-apps/systemd@0.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/sys-apps/systemd@0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/76587?format=json","purl":"pkg:ebuild/sys-apps/systemd@3.14.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/sys-apps/systemd@3.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/76588?format=json","purl":"pkg:ebuild/sys-apps/systemd@204-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/sys-apps/systemd@204-r1"},{"url":"http://public2.vulnerablecode.io/api/packages/76596?format=json","purl":"pkg:ebuild/sys-auth/polkit@0.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/sys-auth/polkit@0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/76597?format=json","purl":"pkg:ebuild/sys-auth/polkit@0.112","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/sys-auth/polkit@0.112"},{"url":"http://public2.vulnerablecode.io/api/packages/76598?format=json","purl":"pkg:ebuild/sys-auth/polkit@1.1.2-r3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/sys-auth/polkit@1.1.2-r3"},{"url":"http://public2.vulnerablecode.io/api/packages/76599?format=json","purl":"pkg:ebuild/sys-auth/polkit@3.14.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/sys-auth/polkit@3.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/76600?format=json","purl":"pkg:ebuild/sys-auth/polkit@204-r1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/sys-auth/polkit@204-r1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037135?format=json","purl":"pkg:deb/debian/policykit-1@0.96-4%2Bsqueeze2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uwh-8f3g-6kc4"},{"vulnerability":"VCID-3h84-z3yw-uydr"},{"vulnerability":"VCID-66y9-wrsz-gud9"},{"vulnerability":"VCID-6s5p-ucft-ukad"},{"vulnerability":"VCID-97e5-xezy-wbf6"},{"vulnerability":"VCID-d7rm-by3r-v3h3"},{"vulnerability":"VCID-dn8s-xk69-qugj"},{"vulnerability":"VCID-eqar-k6xk-1ufh"},{"vulnerability":"VCID-f2ed-c3rs-yqgz"},{"vulnerability":"VCID-fqxp-t48y-1khf"},{"vulnerability":"VCID-fwr3-kw1f-bbbp"},{"vulnerability":"VCID-mmjs-fy7f-fkbt"},{"vulnerability":"VCID-yee7-fp2m-r7eg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.96-4%252Bsqueeze2"},{"url":"http://public2.vulnerablecode.io/api/packages/1037136?format=json","purl":"pkg:deb/debian/policykit-1@0.105-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uwh-8f3g-6kc4"},{"vulnerability":"VCID-66y9-wrsz-gud9"},{"vulnerability":"VCID-6s5p-ucft-ukad"},{"vulnerability":"VCID-97e5-xezy-wbf6"},{"vulnerability":"VCID-d7rm-by3r-v3h3"},{"vulnerability":"VCID-eqar-k6xk-1ufh"},{"vulnerability":"VCID-f2ed-c3rs-yqgz"},{"vulnerability":"VCID-fqxp-t48y-1khf"},{"vulnerability":"VCID-fwr3-kw1f-bbbp"},{"vulnerability":"VCID-mmjs-fy7f-fkbt"},{"vulnerability":"VCID-yee7-fp2m-r7eg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/policykit-1@0.105-3"},{"url":"http://public2.vulnerablecode.io/api/packages/123840?format=json","purl":"pkg:rpm/redhat/polkit@0.96-5?arch=el6_4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-97e5-xezy-wbf6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/polkit@0.96-5%3Farch=el6_4"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4288.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4288.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4288","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14192","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14087","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14167","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14224","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14039","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1412","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14173","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14119","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14078","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14025","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13919","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13909","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13988","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14028","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14003","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13937","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13814","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13973","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14061","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1405","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14093","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4288"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4288","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4288"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:C/I:C/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1002375","reference_id":"1002375","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1002375"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723717","reference_id":"723717","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723717"},{"reference_url":"https://security.gentoo.org/glsa/201406-27","reference_id":"GLSA-201406-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1270","reference_id":"RHSA-2013:1270","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1270"},{"reference_url":"https://usn.ubuntu.com/1953-1/","reference_id":"USN-1953-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1953-1/"}],"weaknesses":[{"cwe_id":362,"name":"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","description":"The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently."}],"exploits":[],"severity_range_score":"6.9 - 6.9","exploitability":"0.5","weighted_severity":"3.5","risk_score":1.8,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-97e5-xezy-wbf6"}