Vulnerabilities > Systemd Project > Systemd > 175
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-11 | CVE-2018-16865 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. | 7.8 |
2019-01-11 | CVE-2018-16864 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. | 7.8 |
2018-10-26 | CVE-2018-15688 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. | 5.8 |
2018-02-16 | CVE-2018-1049 | Race Condition vulnerability in multiple products In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. | 4.3 |
2018-02-13 | CVE-2018-6954 | Link Following vulnerability in multiple products systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. | 7.8 |
2018-01-29 | CVE-2017-18078 | Link Following vulnerability in multiple products systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. | 7.8 |
2017-07-07 | CVE-2017-1000082 | Improper Privilege Management vulnerability in Systemd Project Systemd systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. | 10.0 |
2017-05-24 | CVE-2017-9217 | NULL Pointer Dereference vulnerability in Systemd Project Systemd systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section. | 5.0 |
2013-10-28 | CVE-2013-4394 | Incorrect Default Permissions vulnerability in multiple products The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters." | 5.9 |
2013-10-28 | CVE-2013-4393 | Unspecified vulnerability in Systemd Project Systemd journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor. | 2.1 |