rpm package
suse/systemd&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1
pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-6454 | — | | | < 210-116.22.1 | 210-116.22.1 | Mar 17, 2019 | An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a speciall |
| CVE-2018-16865 | — | | | < 210-116.19.1 | 210-116.19.1 | Jan 11, 2019 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw |
| CVE-2018-16864 | — | | | < 210-116.19.1 | 210-116.19.1 | Jan 11, 2019 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate hi |
| CVE-2018-15686 | — | | | < 210-116.19.1 | 210-116.19.1 | Oct 26, 2018 | A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versi |
| CVE-2016-7796 | Med | 5.5 | | < 210-114.1 | 210-114.1 | Oct 13, 2016 | The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. |
| CVE-2015-8842 | Low | 3.3 | | < 210-104.1 | 210-104.1 | Apr 20, 2016 | tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file. |
| CVE-2014-9770 | Low | 3.3 | | < 210-104.1 | 210-104.1 | Apr 20, 2016 | tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files. |