Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
systemd project vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-2526
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callb...
Systemd Project Systemd 240
Netapp Active Iq Unified Manager -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
9.8
CVSSv3
CVE-2018-21029
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability ...
Systemd Project Systemd
Fedoraproject Fedora 31
9.8
CVSSv3
CVE-2018-20839
systemd 242 changes the VT1 mode upon a logout, which allows malicious users to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.
Systemd Project Systemd 242
Netapp Cn1610 Firmware -
Netapp Solidfire \\& Hci Management Node -
Netapp Snapprotect -
1 Github repository
9.8
CVSSv3
CVE-2015-7510
Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.
Systemd Project Systemd 223
9.8
CVSSv3
CVE-2017-1000082
systemd v233 and previous versions fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
Systemd Project Systemd
2 Github repositories
7.8
CVSSv3
CVE-2023-26604
systemd prior to 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may...
Systemd Project Systemd
6 Github repositories
7.8
CVSSv3
CVE-2020-1712
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate thei...
Systemd Project Systemd
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Redhat Discovery -
Redhat Migration Toolkit 1.0
Redhat Ceph Storage 4.0
Debian Debian Linux 9.0
1 Github repository
1 Article
7.8
CVSSv3
CVE-2019-3843
It exists that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potenti...
Systemd Project Systemd
Fedoraproject Fedora 30
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Snapprotect -
Netapp Cn1610 Firmware -
1 EDB exploit
7.8
CVSSv3
CVE-2019-3844
It exists that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources...
Systemd Project Systemd
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Snapprotect -
Netapp Cn1610 Firmware -
1 EDB exploit
7.8
CVSSv3
CVE-2018-15686
A vulnerability in unit_deserialize of systemd allows an malicious user to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd...
Debian Debian Linux 8.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 16.04
Systemd Project Systemd
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.4.0
1 EDB exploit
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »