VYPR

Systemd

by Systemd Project

CVEs (53)

  • CVE-2018-21029 (Oct 30, 2019)
    risk 0.00 | cvss | epss 0.03

    systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability…

  • CVE-2019-15718 (Sep 4, 2019)
    risk 0.00 | cvss | epss 0.01

    In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by…

  • CVE-2018-20839 (May 17, 2019)
    risk 0.00 | cvss | epss 0.02

    systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.

  • CVE-2019-6454 (Mar 17, 2019)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a…

  • CVE-2018-15687 (Oct 26, 2018)
    risk 0.00 | cvss | epss 0.01

    A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

  • CVE-2018-15686 (Oct 26, 2018)
    risk 0.00 | cvss | epss 0.02

    A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd…

  • CVE-2018-15688 (Oct 26, 2018)
    risk 0.00 | cvss | epss 0.02

    A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

  • CVE-2012-0871 (Apr 18, 2014)
    risk 0.00 | cvss | epss 0.00

    The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

  • CVE-2013-4394 (Oct 28, 2013)
    risk 0.00 | cvss | epss 0.00

    The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain…

  • CVE-2013-4393 (Oct 28, 2013)
    risk 0.00 | cvss | epss 0.00

    journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.

  • CVE-2013-4391 (Oct 28, 2013)
    risk 0.00 | cvss | epss 0.05

    Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.

  • CVE-2013-4327 (Oct 3, 2013)
    risk 0.00 | cvss | epss 0.00

    systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to…

  • CVE-2012-1174 (Jul 12, 2012)
    risk 0.00 | cvss | epss 0.00

    The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."

Page 3 of 3