Total: 47 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-1101 | 1 Systemd Project | 1 Systemd | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). | |||||
CVE-2012-0871 | 2 Opensuse, Systemd Project | 2 Opensuse, Systemd | 2024-11-21 | 6.3 MEDIUM | N/A |
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. | |||||
CVE-2023-7008 | 2 Debian, Systemd Project | 2 Debian Linux, Systemd | 2024-09-16 | N/A | 5.9 MEDIUM |
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. | |||||
CVE-2023-31439 | 1 Systemd Project | 1 Systemd | 2024-08-02 | N/A | 5.3 MEDIUM |
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | |||||
CVE-2023-31438 | 1 Systemd Project | 1 Systemd | 2024-08-02 | N/A | 5.3 MEDIUM |
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | |||||
CVE-2023-31437 | 1 Systemd Project | 1 Systemd | 2024-08-02 | N/A | 5.3 MEDIUM |
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | |||||
CVE-2023-26604 | 1 Systemd Project | 1 Systemd | 2024-02-28 | N/A | 7.8 HIGH |
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. |