Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): systemd
  • Search Type: Search All
There are 100 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Published: July 20, 2021; 3:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM

SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php.

Published: June 29, 2021; 1:15:07 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM

The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.

Published: June 01, 2021; 9:15:07 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.

Published: May 10, 2021; 12:15:07 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 2.9 LOW

The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application.

Published: January 04, 2021; 12:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH

jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15

Published: December 09, 2020; 12:15:30 PM -0500
V3.1: 7.9 HIGH
V2.0: 3.3 LOW

An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary.

Published: October 21, 2020; 3:15:14 PM -0400
V3.1: 7.3 HIGH
V2.0: 4.4 MEDIUM

Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem.

Published: September 04, 2020; 12:15:12 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "adm" user from the OS Login entry.

Published: June 22, 2020; 10:15:11 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.

Published: June 12, 2020; 12:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.

Published: June 02, 2020; 11:15:10 PM -0400
V3.1: 6.7 MEDIUM
V2.0: 6.2 MEDIUM

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.

Published: March 31, 2020; 1:15:26 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM

systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).

Published: March 11, 2020; 11:15:16 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.

Published: March 02, 2020; 11:15:11 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW

An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges on startup (this is unrelated to Red Hat's systemd init program, and is a closed-source proprietary tool that seems to be developed by Microvirt). This program opens TCP port 21509, presumably to receive installation-related commands from the host OS. Because everything after the installer:uninstall command is concatenated directly into a system() call, it is possible to execute arbitrary commands by supplying shell metacharacters.

Published: February 11, 2020; 7:15:20 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH

rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption.

Published: January 27, 2020; 12:15:12 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM

In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\IXP\SW\[PACKAGE_CODE]\EveryLogon.bat, achieve this movement and execute code in the context of other users.

Published: January 23, 2020; 4:15:12 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM

In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. An authenticated attacker (non-admin) can disable UAC for other users by renaming and replacing %SYSTEMDRIVE%\IXP\DATA\IXPAS.IXP.

Published: January 23, 2020; 4:15:12 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW

An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.

Published: January 21, 2020; 1:15:11 AM -0500
V3.1: 2.4 LOW
V2.0: 2.1 LOW

Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.

Published: December 24, 2019; 10:15:11 AM -0500
V3.1: 7.3 HIGH
V2.0: 6.9 MEDIUM