Vulnerabilities > Systemd Project > Systemd > 242
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-03 | CVE-2023-26604 | Unspecified vulnerability in Systemd Project Systemd systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. | 7.8 |
| 2022-11-08 | CVE-2022-3821 | Off-by-one Error vulnerability in multiple products An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. | 5.5 |
| 2022-08-23 | CVE-2021-3997 | Uncontrolled Recursion vulnerability in multiple products A flaw was found in systemd. | 5.5 |
| 2021-07-20 | CVE-2021-33910 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | 5.5 |
| 2020-06-03 | CVE-2020-13776 | Improper Privilege Management vulnerability in multiple products systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. | 6.7 |
| 2020-03-31 | CVE-2020-1712 | Use After Free vulnerability in multiple products A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. | 7.8 |
| 2020-01-21 | CVE-2019-20386 | Memory Leak vulnerability in multiple products An issue was discovered in button_open in login/logind-button.c in systemd before 243. | 2.4 |
| 2019-10-30 | CVE-2018-21029 | Improper Certificate Validation vulnerability in multiple products systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. | 9.8 |
| 2019-05-17 | CVE-2018-20839 | Information Exposure vulnerability in multiple products systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. | 9.8 |
| 2019-04-09 | CVE-2019-3842 | Incorrect Authorization vulnerability in multiple products In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. | 7.0 |