Filtered by vendor Systemd Project
Subscriptions
Filtered by product Systemd
Subscriptions
Total
47 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-7008 | 3 Debian, Redhat, Systemd Project | 4 Debian Linux, Cryostat, Enterprise Linux and 1 more | 2024-08-20 | 5.9 Medium |
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. | ||||
CVE-2012-1101 | 1 Systemd Project | 1 Systemd | 2024-08-06 | 5.5 Medium |
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). | ||||
CVE-2012-0871 | 2 Opensuse, Systemd Project | 2 Opensuse, Systemd | 2024-08-06 | N/A |
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. | ||||
CVE-2013-4394 | 2 Debian, Systemd Project | 2 Debian Linux, Systemd | 2024-08-06 | N/A |
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters." | ||||
CVE-2013-4391 | 2 Debian, Systemd Project | 2 Debian Linux, Systemd | 2024-08-06 | N/A |
Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow. | ||||
CVE-2013-4392 | 1 Systemd Project | 1 Systemd | 2024-08-06 | N/A |
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. | ||||
CVE-2013-4393 | 1 Systemd Project | 1 Systemd | 2024-08-06 | N/A |
journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor. | ||||
CVE-2013-4327 | 3 Canonical, Debian, Systemd Project | 3 Ubuntu Linux, Debian Linux, Systemd | 2024-08-06 | N/A |
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | ||||
CVE-2015-7510 | 1 Systemd Project | 1 Systemd | 2024-08-06 | N/A |
Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. | ||||
CVE-2016-10156 | 1 Systemd Project | 1 Systemd | 2024-08-06 | N/A |
A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | ||||
CVE-2016-7796 | 3 Novell, Redhat, Systemd Project | 11 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Server For Sap and 8 more | 2024-08-06 | N/A |
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. | ||||
CVE-2016-7795 | 3 Canonical, Redhat, Systemd Project | 4 Ubuntu Linux, Enterprise Linux, Rhel Eus and 1 more | 2024-08-06 | N/A |
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. | ||||
CVE-2017-1000082 | 1 Systemd Project | 1 Systemd | 2024-08-05 | 9.8 Critical |
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended. | ||||
CVE-2017-18078 | 3 Debian, Opensuse, Systemd Project | 3 Debian Linux, Leap, Systemd | 2024-08-05 | 7.8 High |
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. | ||||
CVE-2017-15908 | 2 Canonical, Systemd Project | 2 Ubuntu Linux, Systemd | 2024-08-05 | 7.5 High |
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. | ||||
CVE-2017-9445 | 1 Systemd Project | 1 Systemd | 2024-08-05 | 7.5 High |
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it. | ||||
CVE-2017-9217 | 1 Systemd Project | 1 Systemd | 2024-08-05 | 7.5 High |
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section. | ||||
CVE-2018-21029 | 2 Fedoraproject, Systemd Project | 2 Fedora, Systemd | 2024-08-05 | 9.8 Critical |
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent) | ||||
CVE-2018-20839 | 2 Netapp, Systemd Project | 5 Cn1610, Cn1610 Firmware, Snapprotect and 2 more | 2024-08-05 | 9.8 Critical |
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled. | ||||
CVE-2018-16888 | 4 Canonical, Netapp, Redhat and 1 more | 6 Ubuntu Linux, Active Iq Performance Analytics Services, Element Software and 3 more | 2024-08-05 | 4.7 Medium |
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. |