Known Vulnerabilities for products from Systemd Project
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Systemd Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40228 json | In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" ... | Not Provided | 2026-04-10 | 2026-04-17 |
| CVE-2026-40227 json | In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has ... | Not Provided | 2026-04-10 | 2026-04-14 |
| CVE-2026-40226 json | In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. | Not Provided | 2026-04-10 | 2026-04-17 |
| CVE-2026-29111 json | systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is m... | Not Provided | 2026-03-23 | 2026-04-15 |
| CVE-2023-31439 json | ** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log fil... | 5.3 - MEDIUM | 2023-06-13 | 2023-12-21 |
| CVE-2023-31438 json | ** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing... | 5.3 - MEDIUM | 2023-06-13 | 2023-12-21 |
| CVE-2023-31437 json | ** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not... | 5.3 - MEDIUM | 2023-06-13 | 2023-11-07 |
| CVE-2023-26604 json | systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers... | 7.8 - HIGH | 2023-03-03 | 2023-11-07 |
| CVE-2023-7008 json | systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers... | 5.9 - MEDIUM | 2023-12-23 | 2024-01-27 |
| CVE-2022-45873 json | systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace... | 5.5 - MEDIUM | 2022-11-23 | 2023-11-07 |
| CVE-2022-4415 json | A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respe... | 5.5 - MEDIUM | 2023-01-11 | 2023-02-02 |
| CVE-2022-3821 json | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply sp... | 5.5 - MEDIUM | 2022-11-08 | 2023-11-07 |
| CVE-2022-2526 json | A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_comp... | 9.8 - CRITICAL | 2022-09-09 | 2023-01-20 |
| CVE-2021-33910 json | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (i... | 5.5 - MEDIUM | 2021-07-20 | 2023-11-07 |
| CVE-2021-3997 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.5 - MEDIUM | 2022-08-23 | 2023-05-03 |
| CVE-2020-13776 json | systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as ... | 6.7 - MEDIUM | 2020-06-03 | 2023-11-07 |
| CVE-2020-13529 json | An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a ... | 6.1 - MEDIUM | 2021-05-10 | 2023-11-07 |
| CVE-2020-1712 json | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are perfo... | 7.8 - HIGH | 2020-03-31 | 2023-11-07 |
| CVE-2019-20386 json | An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger com... | 2.4 - LOW | 2020-01-21 | 2023-11-07 |
| CVE-2019-15718 json | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to t... | 4.4 - MEDIUM | 2019-09-04 | 2023-11-07 |