rpm package
suse/systemd&distro=SUSE OpenStack Cloud 9
pkg:rpm/suse/systemd&distro=SUSE%20OpenStack%20Cloud%209
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-26604 | — | < 228-150.108.2 | 228-150.108.2 | Mar 3, 2023 | systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched | ||
| CVE-2022-4415 | — | < 228-150.108.2 | 228-150.108.2 | Jan 11, 2023 | A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. | ||
| CVE-2022-3821 | — | < 228-150.108.2 | 228-150.108.2 | Nov 8, 2022 | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. | ||
| CVE-2021-33910 | — | < 228-150.98.1 | 228-150.98.1 | Jul 20, 2021 | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. |
- CVE-2023-26604Mar 3, 2023affected < 228-150.108.2fixed 228-150.108.2
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched
- CVE-2022-4415Jan 11, 2023affected < 228-150.108.2fixed 228-150.108.2
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
- CVE-2022-3821Nov 8, 2022affected < 228-150.108.2fixed 228-150.108.2
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
- CVE-2021-33910Jul 20, 2021affected < 228-150.98.1fixed 228-150.98.1
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.