Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Systemd
(Systemd_project)| Repositories |
• https://github.com/systemd/systemd
• https://github.com/keszybz/systemd |
| #Vulnerabilities | 47 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-04 | CVE-2019-15718 | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. | Fedora, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems_8_s390x, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_ibm_z_systems_eus_s390x, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Openshift_container_platform, Systemd | 4.4 | ||
| 2020-01-21 | CVE-2019-20386 | An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. | Ubuntu_linux, Fedora, Active_iq_unified_manager, Cloud_backup, Steelstore_cloud_integrated_storage, Leap, Systemd | 2.4 | ||
| 2020-03-31 | CVE-2020-1712 | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. | Debian_linux, Ceph_storage, Discovery, Enterprise_linux, Migration_toolkit, Openshift_container_platform, Systemd | 7.8 | ||
| 2020-06-03 | CVE-2020-13776 | systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. | Fedora, Active_iq_unified_manager, Solidfire_\&_hci_management_node, Systemd | 6.7 | ||
| 2021-05-10 | CVE-2020-13529 | An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. | Fedora, Active_iq_unified_manager, Cloud_backup, Systemd | 6.1 | ||
| 2021-07-20 | CVE-2021-33910 | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | Debian_linux, Fedora, Hci_management_node, Solidfire, Systemd | 5.5 | ||
| 2022-11-08 | CVE-2022-3821 | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. | Fedora, Enterprise_linux, Systemd | 5.5 | ||
| 2022-11-23 | CVE-2022-45873 | systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file. | Fedora, Systemd | 5.5 | ||
| 2023-03-03 | CVE-2023-26604 | systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. | Systemd | 7.8 | ||
| 2016-10-13 | CVE-2016-7796 | The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. | Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_server_for_sap, Suse_linux_enterprise_software_development_kit, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation, Systemd | 5.5 |