Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
11 vulnerabilities by systemd
CVE-2026-40228 (GCVE-0-2026-40228)
Vulnerability from cvelistv5 – Published: 2026-04-10 15:48 – Updated: 2026-04-10 17:27
VLAI?
Summary
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.
Severity ?
CWE
- CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40228",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T17:26:54.371080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T17:27:22.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "systemd",
"vendor": "systemd",
"versions": [
{
"status": "affected",
"version": "259",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a \"logger -p emerg\" command is executed, if ForwardToWall=yes is set."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "CWE-669 Incorrect Resource Transfer Between Spheres",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T16:07:32.728Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2026/04/08/1"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-40228",
"datePublished": "2026-04-10T15:48:44.215Z",
"dateReserved": "2026-04-10T15:48:43.773Z",
"dateUpdated": "2026-04-10T17:27:22.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40227 (GCVE-0-2026-40227)
Vulnerability from cvelistv5 – Published: 2026-04-10 15:19 – Updated: 2026-04-10 15:26
VLAI?
Summary
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
Severity ?
6.2 (Medium)
CWE
- CWE-1025 - Comparison Using Wrong Factors
Assigner
References
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "systemd",
"vendor": "systemd",
"versions": [
{
"lessThan": "261",
"status": "affected",
"version": "260",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1025",
"description": "CWE-1025 Comparison Using Wrong Factors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T15:26:26.507Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/systemd/systemd/security/advisories/GHSA-848h-497j-8vjq"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-40227",
"datePublished": "2026-04-10T15:19:51.433Z",
"dateReserved": "2026-04-10T15:19:51.012Z",
"dateUpdated": "2026-04-10T15:26:26.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40226 (GCVE-0-2026-40226)
Vulnerability from cvelistv5 – Published: 2026-04-10 15:18 – Updated: 2026-04-10 15:34
VLAI?
Summary
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.
Severity ?
6.4 (Medium)
CWE
- CWE-348 - Use of Less Trusted Source
Assigner
References
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "systemd",
"vendor": "systemd",
"versions": [
{
"lessThan": "260",
"status": "affected",
"version": "233",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-348",
"description": "CWE-348 Use of Less Trusted Source",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T15:34:22.039Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-40226",
"datePublished": "2026-04-10T15:18:10.447Z",
"dateReserved": "2026-04-10T15:18:10.040Z",
"dateUpdated": "2026-04-10T15:34:22.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40225 (GCVE-0-2026-40225)
Vulnerability from cvelistv5 – Published: 2026-04-10 15:16 – Updated: 2026-04-10 15:33
VLAI?
Summary
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.
Severity ?
6.4 (Medium)
CWE
- CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
References
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "systemd",
"vendor": "systemd",
"versions": [
{
"lessThan": "260",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "CWE-669 Incorrect Resource Transfer Between Spheres",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T15:33:39.797Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-40225",
"datePublished": "2026-04-10T15:16:19.827Z",
"dateReserved": "2026-04-10T15:16:19.391Z",
"dateUpdated": "2026-04-10T15:33:39.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40224 (GCVE-0-2026-40224)
Vulnerability from cvelistv5 – Published: 2026-04-10 15:14 – Updated: 2026-04-10 18:13
VLAI?
Summary
In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.
Severity ?
6.7 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T18:12:38.526078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T18:13:05.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "systemd",
"vendor": "systemd",
"versions": [
{
"lessThan": "260",
"status": "affected",
"version": "259",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T15:33:17.159Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/systemd/systemd/security/advisories/GHSA-6pwp-j5vg-5j6m"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-40224",
"datePublished": "2026-04-10T15:14:21.904Z",
"dateReserved": "2026-04-10T15:14:21.394Z",
"dateUpdated": "2026-04-10T18:13:05.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40223 (GCVE-0-2026-40223)
Vulnerability from cvelistv5 – Published: 2026-04-10 15:10 – Updated: 2026-04-10 15:32
VLAI?
Summary
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.
Severity ?
4.7 (Medium)
CWE
- CWE-696 - Incorrect Behavior Order
Assigner
References
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "systemd",
"vendor": "systemd",
"versions": [
{
"lessThan": "260",
"status": "affected",
"version": "258",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=\u003cunset\u003e unit exists and is running."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-696",
"description": "CWE-696 Incorrect Behavior Order",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T15:32:55.263Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/systemd/systemd/security/advisories/GHSA-x4h8-rrrg-q78f"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-40223",
"datePublished": "2026-04-10T15:10:56.605Z",
"dateReserved": "2026-04-10T15:10:56.096Z",
"dateUpdated": "2026-04-10T15:32:55.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-29111 (GCVE-0-2026-29111)
Vulnerability from cvelistv5 – Published: 2026-03-23 21:03 – Updated: 2026-03-25 19:13
VLAI?
Title
systemd: Local unprivileged user can trigger an assert
Summary
systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.
Severity ?
5.5 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-29111",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T19:12:36.640498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T19:13:11.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "systemd",
"vendor": "systemd",
"versions": [
{
"status": "affected",
"version": "\u003e= 239, \u003c 257.11"
},
{
"status": "affected",
"version": "\u003e= 258, \u003c 258.5"
},
{
"status": "affected",
"version": "\u003e= 259, \u003c 259.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T21:03:56.120Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764"
},
{
"name": "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a"
},
{
"name": "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6"
},
{
"name": "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412"
},
{
"name": "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd"
},
{
"name": "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f"
},
{
"name": "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f"
},
{
"name": "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69"
},
{
"name": "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6"
},
{
"name": "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c"
},
{
"name": "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8"
}
],
"source": {
"advisory": "GHSA-gx6q-6f99-m764",
"discovery": "UNKNOWN"
},
"title": "systemd: Local unprivileged user can trigger an assert"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-29111",
"datePublished": "2026-03-23T21:03:56.120Z",
"dateReserved": "2026-03-03T21:54:06.709Z",
"dateUpdated": "2026-03-25T19:13:11.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2012-1101 (GCVE-0-2012-1101)
Vulnerability from cvelistv5 – Published: 2020-03-11 14:58 – Updated: 2024-08-06 18:45
VLAI?
Summary
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2011-12-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "systemd",
"vendor": "systemd",
"versions": [
{
"status": "affected",
"version": "37-1"
}
]
}
],
"datePublic": "2011-12-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T14:58:57.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1101",
"datePublished": "2020-03-11T14:58:57.000Z",
"dateReserved": "2012-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:45:27.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15687 (GCVE-0-2018-15687)
Vulnerability from cvelistv5 – Published: 2018-10-26 14:00 – Updated: 2025-06-09 15:48
VLAI?
Title
systemd: chown_one() can dereference symlinks
Summary
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
Severity ?
7.8 (High)
CWE
- There is a race condition between a stat(2) call and the fchmodat(2) call.
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2018-10-25 00:00
Credits
Jann Horn
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201810-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/systemd/systemd/pull/10517/commits"
},
{
"name": "105748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105748"
},
{
"name": "USN-3816-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3816-1/"
},
{
"name": "45715",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45715/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-15687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:48:02.637217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:48:38.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "systemd",
"vendor": "systemd",
"versions": [
{
"lessThanOrEqual": "239",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jann Horn"
}
],
"datePublic": "2018-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "There is a race condition between a stat(2) call and the fchmodat(2) call.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-13T10:57:01.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "GLSA-201810-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201810-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/pull/10517/commits"
},
{
"name": "105748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105748"
},
{
"name": "USN-3816-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3816-1/"
},
{
"name": "45715",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45715/"
}
],
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796692"
],
"discovery": "EXTERNAL"
},
"title": "systemd: chown_one() can dereference symlinks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2018-10-25T00:00:00.000Z",
"ID": "CVE-2018-15687",
"STATE": "PUBLIC",
"TITLE": "systemd: chown_one() can dereference symlinks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "systemd",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "239"
}
]
}
}
]
},
"vendor_name": "systemd"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jann Horn"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "There is a race condition between a stat(2) call and the fchmodat(2) call."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201810-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-10"
},
{
"name": "https://github.com/systemd/systemd/pull/10517/commits",
"refsource": "MISC",
"url": "https://github.com/systemd/systemd/pull/10517/commits"
},
{
"name": "105748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105748"
},
{
"name": "USN-3816-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3816-1/"
},
{
"name": "45715",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45715/"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796692"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2018-15687",
"datePublished": "2018-10-26T14:00:00.000Z",
"dateReserved": "2018-08-22T00:00:00.000Z",
"dateUpdated": "2025-06-09T15:48:38.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15688 (GCVE-0-2018-15688)
Vulnerability from cvelistv5 – Published: 2018-10-26 14:00 – Updated: 2025-06-09 15:55
VLAI?
Title
Out-of-Bounds write in systemd-networkd dhcpv6 option handling
Summary
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
Severity ?
8.8 (High)
CWE
- dhcp6_option_append_ia() contained an incorrect buffer size calculation.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2018-10-25 00:00
Credits
Felix Wilhelm from the Google Security Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201810-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-10"
},
{
"name": "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"
},
{
"name": "USN-3807-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3807-1/"
},
{
"name": "USN-3806-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3806-1/"
},
{
"name": "RHSA-2018:3665",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3665"
},
{
"name": "105745",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105745"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/systemd/systemd/pull/10518"
},
{
"name": "RHSA-2019:0049",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0049"
},
{
"name": "RHBA-2019:0327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-15688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:55:22.388769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:55:41.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "systemd",
"vendor": "systemd",
"versions": [
{
"lessThanOrEqual": "239",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Felix Wilhelm from the Google Security Team"
}
],
"datePublic": "2018-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "dhcp6_option_append_ia() contained an incorrect buffer size calculation.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-24T05:06:03.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "GLSA-201810-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201810-10"
},
{
"name": "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"
},
{
"name": "USN-3807-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3807-1/"
},
{
"name": "USN-3806-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3806-1/"
},
{
"name": "RHSA-2018:3665",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3665"
},
{
"name": "105745",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105745"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/pull/10518"
},
{
"name": "RHSA-2019:0049",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0049"
},
{
"name": "RHBA-2019:0327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
}
],
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1795921"
],
"discovery": "EXTERNAL"
},
"title": "Out-of-Bounds write in systemd-networkd dhcpv6 option handling",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2018-10-25T00:00:00.000Z",
"ID": "CVE-2018-15688",
"STATE": "PUBLIC",
"TITLE": "Out-of-Bounds write in systemd-networkd dhcpv6 option handling"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "systemd",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "239"
}
]
}
}
]
},
"vendor_name": "systemd"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Felix Wilhelm from the Google Security Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "dhcp6_option_append_ia() contained an incorrect buffer size calculation."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201810-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-10"
},
{
"name": "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"
},
{
"name": "USN-3807-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3807-1/"
},
{
"name": "USN-3806-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3806-1/"
},
{
"name": "RHSA-2018:3665",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3665"
},
{
"name": "105745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105745"
},
{
"name": "https://github.com/systemd/systemd/pull/10518",
"refsource": "MISC",
"url": "https://github.com/systemd/systemd/pull/10518"
},
{
"name": "RHSA-2019:0049",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0049"
},
{
"name": "RHBA-2019:0327",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1795921"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2018-15688",
"datePublished": "2018-10-26T14:00:00.000Z",
"dateReserved": "2018-08-22T00:00:00.000Z",
"dateUpdated": "2025-06-09T15:55:41.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15686 (GCVE-0-2018-15686)
Vulnerability from cvelistv5 – Published: 2018-10-26 14:00 – Updated: 2025-06-09 15:50
VLAI?
Title
systemd: reexec state injection: fgets() on overlong lines leads to line splitting
Summary
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
Severity ?
CWE
- fgets() can be confused by overly-long input strings. The first read will return a partial string and subsequent reads will begin as if it were a new line.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2018-10-25 00:00
Credits
Jann Horn
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201810-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201810-10"
},
{
"name": "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"
},
{
"name": "105747",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105747"
},
{
"name": "45714",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45714/"
},
{
"name": "USN-3816-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3816-1/"
},
{
"name": "RHSA-2019:2091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"name": "RHSA-2019:3222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3222"
},
{
"name": "RHSA-2020:0593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0593"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/systemd/systemd/pull/10519"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-15686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:50:23.789109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:50:48.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "systemd",
"vendor": "systemd",
"versions": [
{
"lessThanOrEqual": "239",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jann Horn"
}
],
"datePublic": "2018-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "fgets() can be confused by overly-long input strings. The first read will return a partial string and subsequent reads will begin as if it were a new line.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:53:12.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "GLSA-201810-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201810-10"
},
{
"name": "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"
},
{
"name": "105747",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105747"
},
{
"name": "45714",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45714/"
},
{
"name": "USN-3816-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3816-1/"
},
{
"name": "RHSA-2019:2091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"name": "RHSA-2019:3222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3222"
},
{
"name": "RHSA-2020:0593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0593"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/systemd/systemd/pull/10519"
}
],
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796402"
],
"discovery": "EXTERNAL"
},
"title": "systemd: reexec state injection: fgets() on overlong lines leads to line splitting",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2018-10-25T00:00:00.000Z",
"ID": "CVE-2018-15686",
"STATE": "PUBLIC",
"TITLE": "systemd: reexec state injection: fgets() on overlong lines leads to line splitting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "systemd",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "239"
}
]
}
}
]
},
"vendor_name": "systemd"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jann Horn"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "fgets() can be confused by overly-long input strings. The first read will return a partial string and subsequent reads will begin as if it were a new line."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201810-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-10"
},
{
"name": "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"
},
{
"name": "105747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105747"
},
{
"name": "45714",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45714/"
},
{
"name": "USN-3816-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3816-1/"
},
{
"name": "RHSA-2019:2091",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"name": "RHSA-2019:3222",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3222"
},
{
"name": "RHSA-2020:0593",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0593"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://github.com/systemd/systemd/pull/10519",
"refsource": "MISC",
"url": "https://github.com/systemd/systemd/pull/10519"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796402"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2018-15686",
"datePublished": "2018-10-26T14:00:00.000Z",
"dateReserved": "2018-08-22T00:00:00.000Z",
"dateUpdated": "2025-06-09T15:50:48.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}