Filtered by vendor Systemd Project
Subscriptions
Filtered by product Systemd
Subscriptions
Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000082 | 1 Systemd Project | 1 Systemd | 2025-04-20 | 9.8 Critical |
| systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended. | ||||
| CVE-2017-15908 | 2 Canonical, Systemd Project | 2 Ubuntu Linux, Systemd | 2025-04-20 | 7.5 High |
| In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. | ||||
| CVE-2016-10156 | 1 Systemd Project | 1 Systemd | 2025-04-20 | N/A |
| A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | ||||
| CVE-2015-7510 | 1 Systemd Project | 1 Systemd | 2025-04-20 | N/A |
| Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. | ||||
| CVE-2017-9445 | 1 Systemd Project | 1 Systemd | 2025-04-20 | 7.5 High |
| In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it. | ||||
| CVE-2017-9217 | 1 Systemd Project | 1 Systemd | 2025-04-20 | 7.5 High |
| systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section. | ||||
| CVE-2012-0871 | 2 Opensuse, Systemd Project | 2 Opensuse, Systemd | 2025-04-12 | N/A |
| The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. | ||||
| CVE-2016-7795 | 3 Canonical, Redhat, Systemd Project | 4 Ubuntu Linux, Enterprise Linux, Rhel Eus and 1 more | 2025-04-12 | N/A |
| The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. | ||||
| CVE-2016-7796 | 3 Novell, Redhat, Systemd Project | 11 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Server For Sap and 8 more | 2025-04-12 | N/A |
| The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. | ||||
| CVE-2013-4327 | 3 Canonical, Debian, Systemd Project | 3 Ubuntu Linux, Debian Linux, Systemd | 2025-04-11 | N/A |
| systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | ||||
| CVE-2013-4394 | 2 Debian, Systemd Project | 2 Debian Linux, Systemd | 2025-04-11 | N/A |
| The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters." | ||||
| CVE-2013-4391 | 2 Debian, Systemd Project | 2 Debian Linux, Systemd | 2025-04-11 | N/A |
| Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow. | ||||
| CVE-2013-4393 | 1 Systemd Project | 1 Systemd | 2025-04-11 | N/A |
| journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor. | ||||
| CVE-2023-31437 | 1 Systemd Project | 1 Systemd | 2025-01-03 | 5.3 Medium |
| An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | ||||
| CVE-2023-7008 | 3 Debian, Redhat, Systemd Project | 4 Debian Linux, Cryostat, Enterprise Linux and 1 more | 2024-11-23 | 5.9 Medium |
| A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. | ||||
| CVE-2023-31439 | 1 Systemd Project | 1 Systemd | 2024-11-21 | 5.3 Medium |
| An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | ||||
| CVE-2023-31438 | 1 Systemd Project | 1 Systemd | 2024-11-21 | 5.3 Medium |
| An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | ||||
| CVE-2022-2526 | 3 Netapp, Redhat, Systemd Project | 14 Active Iq Unified Manager, H300s, H300s Firmware and 11 more | 2024-11-21 | 9.8 Critical |
| A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. | ||||
| CVE-2021-3997 | 3 Fedoraproject, Redhat, Systemd Project | 3 Fedora, Enterprise Linux, Systemd | 2024-11-21 | 5.5 Medium |
| A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. | ||||
| CVE-2020-13529 | 4 Fedoraproject, Netapp, Redhat and 1 more | 5 Fedora, Active Iq Unified Manager, Cloud Backup and 2 more | 2024-11-21 | 6.1 Medium |
| An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. | ||||