Search CVE reports


21 – 30 of 50 results


CVE-2019-3842

Medium priority
Fixed

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT...

1 affected package

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Fixed Fixed

CVE-2019-6454

Medium priority
Fixed

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged...

1 affected package

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Fixed Fixed

CVE-2019-3815

Medium priority
Not affected

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the...

1 affected package

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Not affected Not affected

CVE-2018-16888

Low priority
Fixed

It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is...

1 affected package

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Not affected Fixed

CVE-2018-16866

Medium priority
Fixed

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

1 affected package

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Fixed Fixed

CVE-2018-16865

High priority
Fixed

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if...

1 affected package

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Fixed Fixed

CVE-2018-16864

High priority
Fixed

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use...

1 affected package

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Fixed Fixed

CVE-2018-15688

Medium priority
Fixed

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

2 affected packages

network-manager, systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
network-manager Fixed Fixed
systemd Fixed Fixed

CVE-2018-15687

Medium priority
Fixed

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

1 affected package

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Fixed Fixed

CVE-2018-15686

Medium priority
Fixed

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to...

1 affected package

systemd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
systemd Fixed Fixed