| Max CVSS | 4.9 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-1712 | 4.6 |
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially
|
29-11-2022 - 16:25 | 31-03-2020 - 17:15 | |
| CVE-2019-15718 | 3.6 |
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivile
|
20-02-2022 - 06:15 | 04-09-2019 - 12:15 | |
| CVE-2019-6454 | 4.9 |
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can expl
|
20-02-2022 - 06:08 | 21-03-2019 - 16:01 | |
| CVE-2019-3844 | 4.6 |
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker
|
31-01-2022 - 18:52 | 26-04-2019 - 21:29 | |
| CVE-2019-20386 | 2.1 |
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
|
28-01-2022 - 21:27 | 21-01-2020 - 06:15 |