Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Systemd
(Systemd_project)| Repositories |
• https://github.com/systemd/systemd
• https://github.com/keszybz/systemd |
| #Vulnerabilities | 47 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-10-30 | CVE-2018-21029 | systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent) | Fedora, Systemd | 9.8 | ||
| 2023-06-13 | CVE-2023-31438 | An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | Systemd | 5.3 | ||
| 2023-06-13 | CVE-2023-31437 | An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | Systemd | 5.3 | ||
| 2023-06-13 | CVE-2023-31439 | An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | Systemd | 5.3 |