Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Systemd
(Systemd_project)| Repositories |
• https://github.com/systemd/systemd
• https://github.com/keszybz/systemd |
| #Vulnerabilities | 50 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-05-17 | CVE-2018-20839 | systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled. | Cn1610_firmware, Snapprotect, Solidfire_\&_hci_management_node, Systemd | 4.3 | ||
| 2023-01-11 | CVE-2022-4415 | A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. | Systemd | 5.5 | ||
| 2023-01-11 | CVE-2022-4415 | A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. | Systemd | 5.5 | ||
| 2023-01-11 | CVE-2022-4415 | A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. | Systemd | 5.5 | ||
| 2022-11-08 | CVE-2022-3821 | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. | Fedora, Enterprise_linux, Systemd | 5.5 | ||
| 2023-06-13 | CVE-2023-31437 | An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | Systemd | 5.3 | ||
| 2017-05-24 | CVE-2017-9217 | systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section. | Systemd | 7.5 | ||
| 2020-03-31 | CVE-2020-1712 | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. | Debian_linux, Ceph_storage, Discovery, Enterprise_linux, Migration_toolkit, Openshift_container_platform, Systemd | 7.8 | ||
| 2021-05-10 | CVE-2020-13529 | An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. | Fedora, Active_iq_unified_manager, Cloud_backup, Systemd | 6.1 | ||
| 2022-08-23 | CVE-2021-3997 | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. | Fedora, Enterprise_linux, Systemd | 5.5 |