Vulnerabilities > Systemd Project > Systemd > 241
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-03 | CVE-2023-26604 | Unspecified vulnerability in Systemd Project Systemd systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. | 7.8 |
| 2022-11-08 | CVE-2022-3821 | Off-by-one Error vulnerability in multiple products An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. | 5.5 |
| 2022-08-23 | CVE-2021-3997 | Uncontrolled Recursion vulnerability in multiple products A flaw was found in systemd. | 5.5 |
| 2021-07-20 | CVE-2021-33910 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | 5.5 |
| 2020-06-03 | CVE-2020-13776 | Improper Privilege Management vulnerability in multiple products systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. | 6.7 |
| 2020-03-31 | CVE-2020-1712 | Use After Free vulnerability in multiple products A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. | 7.8 |
| 2020-01-21 | CVE-2019-20386 | Memory Leak vulnerability in multiple products An issue was discovered in button_open in login/logind-button.c in systemd before 243. | 2.4 |
| 2019-10-30 | CVE-2018-21029 | Improper Certificate Validation vulnerability in multiple products systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. | 9.8 |
| 2019-04-26 | CVE-2019-3844 | Privilege Chaining vulnerability in multiple products It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. | 7.8 |
| 2019-04-26 | CVE-2019-3843 | Improper Privilege Management vulnerability in multiple products It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. | 7.8 |