National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): systemd
There are 62 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity

An issue was discovered in UCMS 1.4.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.

Published: September 14, 2018; 03:29:00 AM -04:00
(not available)

A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.

Published: March 21, 2018; 05:29:00 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d Linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot applications that are not installed as a service, or are not using the embedded launch script, are not susceptible.

Published: March 19, 2018; 02:29:00 PM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM

In systemd prior to 234, a race condition exists between .mount and .automount units such that automount requests from the kernel may not be serviced by systemd, resulting in the kernel holding the mountpoint; any processes that try to use said mount will hang. A race condition like this may lead to denial of service until mount points are unmounted.

Published: February 16, 2018; 04:29:00 PM -05:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.

Published: February 13, 2018; 03:29:00 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH

In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.

Published: February 02, 2018; 09:29:00 AM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM

Unquoted Windows search path vulnerability in NSClient++ before allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.

Published: January 31, 2018; 11:29:00 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH

systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.

Published: January 29, 2018; 12:29:00 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM

The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions.

Published: October 26, 2017; 02:29:00 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH

In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.

Published: October 26, 2017; 10:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM

Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.

Published: September 25, 2017; 05:29:00 PM -04:00
V2: 7.5 HIGH

debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script).

Published: July 23, 2017; 04:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.

Published: July 07, 2017; 01:29:00 PM -04:00
V2: 10.0 HIGH

In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.

Published: June 28, 2017; 02:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM

In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM privileges at startup. This occurs because of "RW NT AUTHORITY\Authenticated Users" permissions for %SYSTEMDRIVE%\apcupsd\bin\apcupsd.exe.

Published: June 16, 2017; 09:29:00 AM -04:00
V3: 8.4 HIGH
V2: 7.2 HIGH

Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application.

Published: June 08, 2017; 08:29:00 AM -04:00
V3: 7.3 HIGH
V2: 6.9 MEDIUM

systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.

Published: May 24, 2017; 01:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM

LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.

Published: May 12, 2017; 03:29:00 AM -04:00
V3: 4.6 MEDIUM
V2: 2.1 LOW

Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.

Published: April 11, 2017; 11:59:00 AM -04:00
V3: 6.7 MEDIUM
V2: 4.6 MEDIUM

An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic.

Published: March 24, 2017; 03:59:00 AM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM