CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6954 – Ubuntu Security Notice USN-3816-3
https://notcve.org/view.php?id=CVE-2018-6954
13 Feb 2018 — systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on. systemd-tmpfiles en systemd, hasta 237, gestiona de manera incorrecta los vínculos simbólicos presentes en componentes de ruta no terminales. Esto per... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0CVE-2018-1049 – systemd: automount: access to automounted volumes can lock up
https://notcve.org/view.php?id=CVE-2018-1049
31 Jan 2018 — In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. En systemd en versiones anteriores a la 234, existe una condición de carrera entre las unidades .mount y .automount, de forma que las peticiones automount del kernel... • http://www.securitytracker.com/id/1041520 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 5CVE-2017-18078 – systemd (systemd-tmpfiles) < 236 - 'fs.protected_hardlinks=0' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-18078
29 Jan 2018 — systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. systemd-tmpfiles en systemd en versiones anteriores a la 237 intenta soportar cambios de propiedad/permisos en archivos con vínculos ... • https://packetstorm.news/files/id/146184 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2017-15908 – systemd Network Name Resolution Manager NSEC Resource Record Pseudo-Types Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2017-15908
26 Oct 2017 — In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. En systemd 223 hasta 235, un servidor DNS remoto puede responder con un registro de recurso DNS NSEC manipulado de forma personalizada para desencadenar un bucle infinito en la función dns_packet_read_type_window() del servicio "systemd-resolved" y provoca... • http://www.securityfocus.com/bid/101600 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-7510
https://notcve.org/view.php?id=CVE-2015-7510
25 Sep 2017 — Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. Existe un desbordamiento de búfer basado en pila en las funciones getpwnam y getgrnam del módulo NSS nss-mymachines en systemd. • https://bugzilla.redhat.com/show_bug.cgi?id=1284642 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000082
https://notcve.org/view.php?id=CVE-2017-1000082
07 Jul 2017 — systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended. systemd versión v233 y anteriores, no pueden analizar de forma segura los nombres de usuario que comienzan con un dígito numérico (por ejemplo, ""0day""), ejecutando el servicio en cuestión con privilegios root en lugar de lo que el usuario desea. • http://www.openwall.com/lists/oss-security/2017/07/02/1 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2017-9445 – Ubuntu Security Notice USN-3341-1
https://notcve.org/view.php?id=CVE-2017-9445
27 Jun 2017 — In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it. En systemd hasta la versión 233, ciertos tamaños pasados a la función dns_packet_new en systemd-resolved pueden causar que asigne un búfer que es muy pequeñ... • http://openwall.com/lists/oss-security/2017/06/27/8 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-9217
https://notcve.org/view.php?id=CVE-2017-9217
24 May 2017 — systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section. systemd-resolved hasta la versión 223 permite a los atacantes remotos provocar una denegación de servicio (daemon crash) mediante una respuesta DNS manipulada con un sección de preguntas vacía. • http://www.securityfocus.com/bid/98677 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-10156 – Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-10156
23 Jan 2017 — A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. Un fallo en systemd v228 en /src/basic/fs-util.c causó que los archivos suid de escritura universal se crearan cuando se usan las características de los temporizadores systemd, permitiendo a atacantes locales escalar sus privilegios a root. Esto se soluciona en v229. • https://packetstorm.news/files/id/140758 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 2CVE-2016-7795 – systemd: Assertion failure when PID 1 receives a zero-length message over notify socket
https://notcve.org/view.php?id=CVE-2016-7795
13 Oct 2016 — The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. La función manager_invoke_notify_message en systemd 231 y versiones anteriores permite a usuarios locales provocar una denegación de servicio (fallo de afirmación y colgado de PID 1) a través de un mensaje de longitud cero recibido sobre una notificación de encaje. A flaw was found in the way systemd ... • http://rhn.redhat.com/errata/RHSA-2016-2610.html • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •