VYPR

Systemd

by Systemd Project

Source repositories

CVEs (53)

  • CVE-2026-40228LowApr 10, 2026
    risk 0.19cvss 2.9epss 0.00

    In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.

  • CVE-2015-8842LowApr 20, 2016
    risk 0.14cvss 3.3epss 0.00

    tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.

  • CVE-2019-3843Apr 26, 2019
    risk 0.03cvss epss 0.01

    It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by…

  • CVE-2019-3844Apr 26, 2019
    risk 0.03cvss epss 0.01

    It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access…

  • CVE-2019-3842Apr 9, 2019
    risk 0.03cvss epss 0.01

    In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be…

  • CVE-2021-33910Jul 20, 2021
    risk 0.01cvss epss 0.09

    basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

  • CVE-2023-31438Jun 13, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security…

  • CVE-2023-31439Jun 13, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the…

  • CVE-2023-31437Jun 13, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

  • CVE-2023-26604Mar 3, 2023
    risk 0.00cvss epss 0.01

    systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be…

  • CVE-2022-4415Jan 11, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.

  • CVE-2022-45873Nov 23, 2022
    risk 0.00cvss epss 0.00

    systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put…

  • CVE-2022-3821Nov 8, 2022
    risk 0.00cvss epss 0.00

    An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

  • CVE-2022-2526Sep 9, 2022
    risk 0.00cvss epss 0.01

    A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks…

  • CVE-2021-3997Aug 23, 2022
    risk 0.00cvss epss 0.02

    A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.

  • CVE-2020-13529May 10, 2021
    risk 0.00cvss epss 0.01

    An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to…

  • CVE-2020-13776Jun 3, 2020
    risk 0.00cvss epss 0.00

    systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for…

  • CVE-2020-1712Mar 31, 2020
    risk 0.00cvss epss 0.00

    A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate…

  • CVE-2012-1101Mar 11, 2020
    risk 0.00cvss epss 0.00

    systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).

  • CVE-2019-20386Jan 21, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.