rpm package
suse/systemd&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-26604 | — | < 228-157.52.1 | 228-157.52.1 | Mar 3, 2023 | systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched | ||
| CVE-2022-4415 | — | < 228-157.46.1 | 228-157.46.1 | Jan 11, 2023 | A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. | ||
| CVE-2022-3821 | — | < 228-157.43.2 | 228-157.43.2 | Nov 8, 2022 | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. | ||
| CVE-2021-33910 | — | < 228-157.30.1 | 228-157.30.1 | Jul 20, 2021 | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | ||
| CVE-2020-1712 | — | < 228-157.9.1 | 228-157.9.1 | Mar 31, 2020 | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate thei | ||
| CVE-2019-20386 | — | < 228-157.12.5 | 228-157.12.5 | Jan 21, 2020 | An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. |
- CVE-2023-26604Mar 3, 2023affected < 228-157.52.1fixed 228-157.52.1
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched
- CVE-2022-4415Jan 11, 2023affected < 228-157.46.1fixed 228-157.46.1
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
- CVE-2022-3821Nov 8, 2022affected < 228-157.43.2fixed 228-157.43.2
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
- CVE-2021-33910Jul 20, 2021affected < 228-157.30.1fixed 228-157.30.1
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
- CVE-2020-1712Mar 31, 2020affected < 228-157.9.1fixed 228-157.9.1
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate thei
- CVE-2019-20386Jan 21, 2020affected < 228-157.12.5fixed 228-157.12.5
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.