Search CVE reports


Toggle filters

11 – 20 of 50 results


CVE-2021-33910

High priority
Fixed

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating...

1 affected packages

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-13529

Low priority

Some fixes available 12 of 13

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a...

1 affected packages

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-13776

Low priority
Ignored

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this...

1 affected packages

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Ignored Ignored Ignored
Show less packages

CVE-2020-1712

Medium priority

Some fixes available 13 of 14

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd...

1 affected packages

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2019-20386

Low priority

Some fixes available 3 of 5

An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.

1 affected packages

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-21029

Low priority
Ignored

** DISPUTED ** systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend....

1 affected packages

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Not affected Not affected
Show less packages

CVE-2019-15718

Medium priority
Fixed

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus...

1 affected packages

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Fixed Not affected
Show less packages

CVE-2018-20839

Medium priority
Ignored

systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka...

1 affected packages

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Not affected Not affected Not affected Not affected
Show less packages

CVE-2019-3844

Low priority

Some fixes available 1 of 3

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit...

1 affected packages

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Fixed Not affected
Show less packages

CVE-2019-3843

Low priority

Some fixes available 1 of 3

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use...

1 affected packages

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Fixed Not affected
Show less packages