Known Vulnerabilities for products from Systemd Project
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Systemd Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-33910 | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (i... | 5.5 - MEDIUM | 2021-07-20 | 2023-11-07 |
| CVE-2021-3997 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.5 - MEDIUM | 2022-08-23 | 2023-05-03 |
| CVE-2020-13776 | systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as ... | 6.7 - MEDIUM | 2020-06-03 | 2023-11-07 |
| CVE-2020-13529 | An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a ... | 6.1 - MEDIUM | 2021-05-10 | 2023-11-07 |
| CVE-2020-1712 | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are perfo... | 7.8 - HIGH | 2020-03-31 | 2023-11-07 |
| CVE-2019-20386 | An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger com... | 2.4 - LOW | 2020-01-21 | 2023-11-07 |
| CVE-2019-15718 | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to t... | 4.4 - MEDIUM | 2019-09-04 | 2023-11-07 |
| CVE-2019-6454 | An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variabl... | 5.5 - MEDIUM | 2019-03-21 | 2023-11-07 |
| CVE-2019-3844 | It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID ... | 7.8 - HIGH | 2019-04-26 | 2023-11-07 |
| CVE-2019-3843 | It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed t... | 7.8 - HIGH | 2019-04-26 | 2023-11-07 |
| CVE-2019-3842 | In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XD... | 7 - HIGH | 2019-04-09 | 2023-11-07 |
| CVE-2018-21029 | ** DISPUTED ** systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Se... | 9.8 - CRITICAL | 2019-10-30 | 2023-11-07 |
| CVE-2018-20839 | systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, ... | 9.8 - CRITICAL | 2019-05-17 | 2023-11-07 |
| CVE-2018-16888 | It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a ser... | 4.7 - MEDIUM | 2019-01-14 | 2023-11-07 |
| CVE-2018-16866 | An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A... | 3.3 - LOW | 2019-01-11 | 2023-02-13 |
| CVE-2018-16865 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in... | 7.8 - HIGH | 2019-01-11 | 2023-02-13 |
| CVE-2018-16864 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in... | 7.8 - HIGH | 2019-01-11 | 2023-02-13 |
| CVE-2018-15688 | A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in sy... | 8.8 - HIGH | 2018-10-26 | 2022-01-31 |
| CVE-2018-15687 | A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary file... | 7 - HIGH | 2018-10-26 | 2023-04-20 |
| CVE-2018-15686 | A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via N... | 7.8 - HIGH | 2018-10-26 | 2023-11-07 |