Filtered by vendor Systemd Project
Subscriptions
Filtered by product Systemd
Subscriptions
Total
47 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-4415 | 2 Redhat, Systemd Project | 3 Enterprise Linux, Rhel Eus, Systemd | 2024-08-03 | 5.5 Medium |
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. | ||||
CVE-2022-3821 | 3 Fedoraproject, Redhat, Systemd Project | 4 Fedora, Enterprise Linux, Rhel Eus and 1 more | 2024-08-03 | 5.5 Medium |
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. | ||||
CVE-2022-2526 | 3 Netapp, Redhat, Systemd Project | 14 Active Iq Unified Manager, H300s, H300s Firmware and 11 more | 2024-08-03 | 9.8 Critical |
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. | ||||
CVE-2023-31439 | 1 Systemd Project | 1 Systemd | 2024-08-02 | 5.3 Medium |
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | ||||
CVE-2023-31438 | 1 Systemd Project | 1 Systemd | 2024-08-02 | 5.3 Medium |
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | ||||
CVE-2023-31437 | 1 Systemd Project | 1 Systemd | 2024-08-02 | 5.3 Medium |
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | ||||
CVE-2023-26604 | 2 Redhat, Systemd Project | 3 Enterprise Linux, Rhel Eus, Systemd | 2024-08-02 | 7.8 High |
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. |