pkg:Debian/systemd
78 total CVEsCRITICAL4HIGH26MEDIUM35LOW5
✅ Check your installed version
All known vulnerabilities
- from 0, < 240-1
- CRITICAL9.8CVE-2018-21029systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS.from 0, < 244-1
- CRITICAL9.8CVE-2015-7510Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.from 0, < 229-1
- CRITICAL9.8CVE-2017-1000082systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g.from 0, < 234-1
- HIGH8.8CVE-2018-15688A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd.from 0, < 239-11
- from 0, < 247.1-2
- from 0, < 241-7~deb10u9
- from 0, < 232-25+deb9u14
- from 0, < 244.2-1
- HIGH7.8CVE-2019-3844It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, whic…from 0, < 242-4
- HIGH7.8CVE-2019-3843It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the t…from 0, < 242-4
- HIGH7.8CVE-2018-16865An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journ…from 0, < 240-4
- from 0, < 232-25+deb9u7
- from 0, < 240-4
- from 0, < 215-17+deb8u9
- HIGH7.8CVE-2018-15686A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess.from 0, < 239-12
- HIGH7.8CVE-2018-6954systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain own…from 0, < 238-1
- from 0, < 237-1
- from 0, < 215-17+deb8u12
- HIGH7.8CVE-2016-10156A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allow…from 0, < 229-1
- HIGH7.5CVE-2023-50868The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a de…from 0, < 247.3-7+deb11u6
- from 0, < 247.3-7+deb11u6
- from 0, < 247.3-7+deb11u6
- HIGH7.5CVE-2017-15908In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in t…from 0, < 235-3
- HIGH7.5CVE-2017-9445In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small.from 0, < 233-10
- HIGH7.5CVE-2017-9217systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty q…from 0, < 232-24
- HIGH7.3CVE-2026-40224In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.from 0, < 260~rc2-1
- from 0, < 241-3
- from 0, < 232-25+deb9u11
- HIGH7.0CVE-2018-15687A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files.from 0, < 239-11
- from 0, < 247.3-7+deb11u8
- MEDIUM6.7CVE-2020-13776systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated b…from 0, < 246-2
- MEDIUM6.4CVE-2026-40226In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.from 0, < 247.3-7+deb11u8
- MEDIUM6.4CVE-2026-40225In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.from 0, < 247.3-7+deb11u8
- from 0
- from 0, < 247.3-7+deb11u6
- from 0, < 215-17+deb8u8
- from 0, < 234-1
- MEDIUM5.5CVE-2026-40227In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.from 0, < 260.1-1
- MEDIUM5.5CVE-2026-40223In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.from 0, < 260~rc1-1
- MEDIUM5.5CVE-2026-29111systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spuri…from 0, < 247.3-7+deb11u8
- from 0, < 247.3-7+deb11u2
- MEDIUM5.5CVE-2022-45873systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace.from 0, < 252-1
- from 0, < 247.3-7+deb11u2
- from 0, < 241-7~deb10u10
- from 0, < 247.3-7
- from 0, < 232-25+deb9u13
- from 0, < 247.3-6
- from 0, < 241-7~deb10u8
- MEDIUM5.5CVE-2012-1101systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).from 0, < 43-1
- from 0, < 215-17+deb8u10
- from 0, < 232-25+deb9u9
- from 0, < 240-6
- from 0, < 231-9
- from 0, < 44-11+deb7u5
- MEDIUM5.5CVE-2016-7795The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure an…from 0, < 231-9
- from 0
- from 0
- from 0
- MEDIUM5.0CVE-2013-4392systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via…from 0
- from 0, < 252.38-1~deb12u1
- from 0, < 247.3-7+deb11u7
- from 0, < 247.3-7+deb11u7
- MEDIUM4.7CVE-2018-16888It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes.from 0, < 237-1
- MEDIUM4.4CVE-2019-15718In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bu…from 0, < 242-7
- LOW3.3CVE-2026-40228In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is exe…from 0
- LOW3.3CVE-2018-16866An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'.from 0, < 240-1
- LOW3.3CVE-2015-8842tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obt…from 0, < 215-1
- LOW3.3CVE-2014-9770tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journa…from 0, < 215-1
- LOW2.4CVE-2019-20386An issue was discovered in button_open in login/logind-button.c in systemd before 243.from 0, < 243-5
- from 0, < 215-17+deb8u11
- —CVE-2012-0871The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to…from 0, < 43-1
- —CVE-2013-4394The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Ext…from 0, < 204-5
- —CVE-2013-4393journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service bl…from 0, < 204-5
- —CVE-2013-4391Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of serv…from 0, < 204-5
- from 0, < 44-11+deb7u4
- from 0, < 204-5
- —CVE-2012-1174The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to del…from 0, < 44-1