Filtered by vendor Systemd Project Subscriptions
Filtered by product Systemd Subscriptions
Total 47 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-7008 3 Debian, Redhat, Systemd Project 4 Debian Linux, Cryostat, Enterprise Linux and 1 more 2024-08-20 5.9 Medium
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
CVE-2012-1101 1 Systemd Project 1 Systemd 2024-08-06 5.5 Medium
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).
CVE-2012-0871 2 Opensuse, Systemd Project 2 Opensuse, Systemd 2024-08-06 N/A
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.
CVE-2013-4394 2 Debian, Systemd Project 2 Debian Linux, Systemd 2024-08-06 N/A
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters."
CVE-2013-4391 2 Debian, Systemd Project 2 Debian Linux, Systemd 2024-08-06 N/A
Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.
CVE-2013-4392 1 Systemd Project 1 Systemd 2024-08-06 N/A
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
CVE-2013-4393 1 Systemd Project 1 Systemd 2024-08-06 N/A
journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.
CVE-2013-4327 3 Canonical, Debian, Systemd Project 3 Ubuntu Linux, Debian Linux, Systemd 2024-08-06 N/A
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
CVE-2015-7510 1 Systemd Project 1 Systemd 2024-08-06 N/A
Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.
CVE-2016-10156 1 Systemd Project 1 Systemd 2024-08-06 N/A
A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.
CVE-2016-7796 3 Novell, Redhat, Systemd Project 11 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Server For Sap and 8 more 2024-08-06 N/A
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
CVE-2016-7795 3 Canonical, Redhat, Systemd Project 4 Ubuntu Linux, Enterprise Linux, Rhel Eus and 1 more 2024-08-06 N/A
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.
CVE-2017-1000082 1 Systemd Project 1 Systemd 2024-08-05 9.8 Critical
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
CVE-2017-18078 3 Debian, Opensuse, Systemd Project 3 Debian Linux, Leap, Systemd 2024-08-05 7.8 High
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.
CVE-2017-15908 2 Canonical, Systemd Project 2 Ubuntu Linux, Systemd 2024-08-05 7.5 High
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.
CVE-2017-9445 1 Systemd Project 1 Systemd 2024-08-05 7.5 High
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.
CVE-2017-9217 1 Systemd Project 1 Systemd 2024-08-05 7.5 High
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.
CVE-2018-21029 2 Fedoraproject, Systemd Project 2 Fedora, Systemd 2024-08-05 9.8 Critical
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent)
CVE-2018-20839 2 Netapp, Systemd Project 5 Cn1610, Cn1610 Firmware, Snapprotect and 2 more 2024-08-05 9.8 Critical
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
CVE-2018-16888 4 Canonical, Netapp, Redhat and 1 more 6 Ubuntu Linux, Active Iq Performance Analytics Services, Element Software and 3 more 2024-08-05 4.7 Medium
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.