Systemd Project

Systemd

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2021-3997

Exploit
  • EPSS 0.05%
  • Veröffentlicht 23.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:23:20

A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.

5.5

CVE-2021-33910

Exploit
  • EPSS 0.09%
  • Veröffentlicht 20.07.2021 19:15:09
  • Zuletzt bearbeitet 09.06.2025 16:15:32

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

6.1

CVE-2020-13529

Exploit
  • EPSS 0.06%
  • Veröffentlicht 10.05.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 05:01:26

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and...

6.7

CVE-2020-13776

  • EPSS 0.09%
  • Veröffentlicht 03.06.2020 03:15:10
  • Zuletzt bearbeitet 09.06.2025 16:15:31

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because...

7.8

CVE-2020-1712

  • EPSS 0.11%
  • Veröffentlicht 31.03.2020 17:15:26
  • Zuletzt bearbeitet 21.11.2024 05:11:13

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially...

5.5

CVE-2012-1101

  • EPSS 0.15%
  • Veröffentlicht 11.03.2020 15:15:16
  • Zuletzt bearbeitet 21.11.2024 01:36:25

systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).

2.4

CVE-2019-20386

  • EPSS 0.15%
  • Veröffentlicht 21.01.2020 06:15:11
  • Zuletzt bearbeitet 09.06.2025 16:15:30

An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.

9.8

CVE-2018-21029

Exploit
  • EPSS 1.56%
  • Veröffentlicht 30.10.2019 22:15:10
  • Zuletzt bearbeitet 21.11.2024 04:02:43

systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the dev...

4.4

CVE-2019-15718

Exploit
  • EPSS 0.11%
  • Veröffentlicht 04.09.2019 12:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:19

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivile...

4.3

CVE-2018-20839

  • EPSS 0.67%
  • Veröffentlicht 17.05.2019 04:29:00
  • Zuletzt bearbeitet 05.05.2025 14:14:36

systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mo...