Vulnerabilities > Systemd Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-20 | CVE-2021-33910 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | 5.5 |
2021-05-10 | CVE-2020-13529 | Authentication Bypass by Spoofing vulnerability in multiple products An exploitable denial-of-service vulnerability exists in Systemd 245. | 6.1 |
2020-06-03 | CVE-2020-13776 | Improper Privilege Management vulnerability in multiple products systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. | 6.7 |
2020-03-31 | CVE-2020-1712 | Use After Free vulnerability in multiple products A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. | 7.8 |
2020-03-11 | CVE-2012-1101 | Unspecified vulnerability in Systemd Project Systemd 37 systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). | 5.5 |
2020-01-21 | CVE-2019-20386 | Memory Leak vulnerability in multiple products An issue was discovered in button_open in login/logind-button.c in systemd before 243. | 2.4 |
2019-10-30 | CVE-2018-21029 | Improper Certificate Validation vulnerability in multiple products systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. | 9.8 |
2019-09-04 | CVE-2019-15718 | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. | 4.4 |
2019-05-17 | CVE-2018-20839 | systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. | 4.3 |
2019-04-26 | CVE-2019-3844 | Privilege Chaining vulnerability in multiple products It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. | 7.8 |