Vulnerabilities (CVE)

Filtered by vendor Systemd Project Subscribe
Total 45 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20839 2 Netapp, Systemd Project 5 Cn1610, Cn1610 Firmware, Snapprotect and 2 more 2024-10-24 4.3 MEDIUM 4.3 MEDIUM
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
CVE-2017-1000082 1 Systemd Project 1 Systemd 2024-10-11 10.0 HIGH 9.8 CRITICAL
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
CVE-2023-7008 2 Debian, Systemd Project 2 Debian Linux, Systemd 2024-09-16 N/A 5.9 MEDIUM
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
CVE-2018-21029 2 Fedoraproject, Systemd Project 2 Fedora, Systemd 2024-08-05 7.5 HIGH 9.8 CRITICAL
** DISPUTED ** systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent).
CVE-2023-31439 1 Systemd Project 1 Systemd 2024-08-02 N/A 5.3 MEDIUM
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
CVE-2023-31438 1 Systemd Project 1 Systemd 2024-08-02 N/A 5.3 MEDIUM
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
CVE-2022-45873 2 Fedoraproject, Systemd Project 2 Fedora, Systemd 2024-02-04 N/A 5.5 MEDIUM
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.
CVE-2023-26604 1 Systemd Project 1 Systemd 2024-02-04 N/A 7.8 HIGH
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
CVE-2022-3821 3 Fedoraproject, Redhat, Systemd Project 3 Fedora, Enterprise Linux, Systemd 2024-02-04 N/A 5.5 MEDIUM
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
CVE-2022-2526 1 Systemd Project 1 Systemd 2024-02-04 N/A 9.8 CRITICAL
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.
CVE-2021-3997 3 Fedoraproject, Redhat, Systemd Project 3 Fedora, Enterprise Linux, Systemd 2024-02-04 N/A 5.5 MEDIUM
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
CVE-2021-33910 4 Debian, Fedoraproject, Netapp and 1 more 5 Debian Linux, Fedora, Hci Management Node and 2 more 2024-02-04 4.9 MEDIUM 5.5 MEDIUM
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
CVE-2020-13529 3 Fedoraproject, Netapp, Systemd Project 3 Fedora, Active Iq Unified Manager, Systemd 2024-02-04 2.9 LOW 6.1 MEDIUM
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.
CVE-2020-1712 3 Debian, Redhat, Systemd Project 7 Debian Linux, Ceph Storage, Discovery and 4 more 2024-02-04 4.6 MEDIUM 7.8 HIGH
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
CVE-2020-13776 3 Fedoraproject, Netapp, Systemd Project 4 Fedora, Active Iq Unified Manager, Solidfire \& Hci Management Node and 1 more 2024-02-04 6.2 MEDIUM 6.7 MEDIUM
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
CVE-2012-1101 1 Systemd Project 1 Systemd 2024-02-04 2.1 LOW 5.5 MEDIUM
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).
CVE-2019-20386 5 Canonical, Fedoraproject, Netapp and 2 more 7 Ubuntu Linux, Fedora, Active Iq Unified Manager and 4 more 2024-02-04 2.1 LOW 2.4 LOW
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
CVE-2019-15718 3 Fedoraproject, Redhat, Systemd Project 14 Fedora, Enterprise Linux, Enterprise Linux Eus and 11 more 2024-02-04 3.6 LOW 4.4 MEDIUM
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.
CVE-2019-3844 3 Canonical, Netapp, Systemd Project 7 Ubuntu Linux, Cn1610, Cn1610 Firmware and 4 more 2024-02-04 4.6 MEDIUM 7.8 HIGH
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
CVE-2019-3843 4 Canonical, Fedoraproject, Netapp and 1 more 8 Ubuntu Linux, Fedora, Cn1610 and 5 more 2024-02-04 4.6 MEDIUM 7.8 HIGH
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.