Max CVSS | 7.2 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-3238 | 5.8 |
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
|
12-02-2023 - 23:15 | 24-08-2015 - 14:59 | |
CVE-2020-1712 | 4.6 |
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially
|
29-11-2022 - 16:25 | 31-03-2020 - 17:15 | |
CVE-2019-15718 | 3.6 |
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivile
|
20-02-2022 - 06:15 | 04-09-2019 - 12:15 | |
CVE-2019-6454 | 4.9 |
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can expl
|
20-02-2022 - 06:08 | 21-03-2019 - 16:01 | |
CVE-2019-3844 | 4.6 |
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker
|
31-01-2022 - 18:52 | 26-04-2019 - 21:29 | |
CVE-2019-20386 | 2.1 |
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
|
28-01-2022 - 21:27 | 21-01-2020 - 06:15 | |
CVE-2018-14348 | 5.5 |
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
|
06-08-2019 - 17:15 | 14-08-2018 - 18:29 | |
CVE-2018-13988 | 4.3 |
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitab
|
25-04-2019 - 14:16 | 25-07-2018 - 23:29 | |
CVE-2010-4708 | 7.2 |
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM
|
03-01-2019 - 15:01 | 24-01-2011 - 19:00 | |
CVE-2011-3149 | 2.1 |
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consu
|
03-01-2019 - 15:01 | 22-07-2012 - 17:55 | |
CVE-2011-1022 | 2.1 |
The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to
|
07-09-2011 - 03:15 | 22-03-2011 - 17:55 |