systemd CVE Vulnerabilities & CVE List (55)

Products (CPE): — CVEs: 55

systemd vulnerability overview

Aggregates CVE and security vulnerability intelligence across all systemd-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Disclosed issues often relate to vendor risk path handling, vendor risk buffer overflow, and vendor risk memory corruption; exposure may include vendor impact application crash in vendor surface software deployment contexts.

Vulnerability distribution trend (last 24 months)

Showing 4155 of 55 CVEs
«« First « Prev Page 3 / 3 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2017-18078 systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. [email protected] 7.8 1.08% 2018-01-29 2026-06-16
CVE-2017-15908 In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. [email protected] 7.5 23.63% 2017-10-26 2026-06-16
CVE-2015-7510 Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. [email protected] 9.8 4.33% 2017-09-25 2026-06-16
CVE-2017-1000082 systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended. [email protected] 9.8 3.88% 2017-07-07 2026-06-16
CVE-2017-9445 In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it. [email protected] 7.5 55.12% 2017-06-28 2026-06-16
CVE-2017-9217 systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section. [email protected] 7.5 15.42% 2017-05-24 2026-06-16
CVE-2016-10156 A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. [email protected] 7.8 1.21% 2017-01-23 2026-06-16
CVE-2016-7796 The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. [email protected] 5.5 0.85% 2016-10-13 2026-06-16
CVE-2016-7795 The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. [email protected] 5.5 0.63% 2016-10-13 2026-06-16
CVE-2012-0871 The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. [email protected] 6.3 0.36% 2014-04-18 2026-06-16
CVE-2013-4394 The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters." [email protected] 5.9 0.34% 2013-10-28 2026-06-16
CVE-2013-4393 journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor. [email protected] 2.1 0.39% 2013-10-28 2026-06-16
CVE-2013-4392 systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. [email protected] 5.0 0.47% 2013-10-28 2026-06-16
CVE-2013-4391 Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow. [email protected] 7.5 5.34% 2013-10-28 2026-06-16
CVE-2013-4327 systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. [email protected] 6.9 0.30% 2013-10-03 2026-06-16
«« First « Prev Page 3 / 3 Next »
cvelogic Threat Intelligence