Aggregates CVE and security vulnerability intelligence across all systemd-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk path handling, vendor risk buffer overflow, and vendor risk memory corruption; exposure may include vendor impact application crash in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-18078 | systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. | [email protected] | 7.8 | 1.08% | 2018-01-29 | 2026-06-16 |
| CVE-2017-15908 | In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. | [email protected] | 7.5 | 23.63% | 2017-10-26 | 2026-06-16 |
| CVE-2015-7510 | Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. | [email protected] | 9.8 | 4.33% | 2017-09-25 | 2026-06-16 |
| CVE-2017-1000082 | systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended. | [email protected] | 9.8 | 3.88% | 2017-07-07 | 2026-06-16 |
| CVE-2017-9445 | In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it. | [email protected] | 7.5 | 55.12% | 2017-06-28 | 2026-06-16 |
| CVE-2017-9217 | systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section. | [email protected] | 7.5 | 15.42% | 2017-05-24 | 2026-06-16 |
| CVE-2016-10156 | A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | [email protected] | 7.8 | 1.21% | 2017-01-23 | 2026-06-16 |
| CVE-2016-7796 | The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. | [email protected] | 5.5 | 0.85% | 2016-10-13 | 2026-06-16 |
| CVE-2016-7795 | The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. | [email protected] | 5.5 | 0.63% | 2016-10-13 | 2026-06-16 |
| CVE-2012-0871 | The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. | [email protected] | 6.3 | 0.36% | 2014-04-18 | 2026-06-16 |
| CVE-2013-4394 | The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters." | [email protected] | 5.9 | 0.34% | 2013-10-28 | 2026-06-16 |
| CVE-2013-4393 | journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor. | [email protected] | 2.1 | 0.39% | 2013-10-28 | 2026-06-16 |
| CVE-2013-4392 | systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. | [email protected] | 5.0 | 0.47% | 2013-10-28 | 2026-06-16 |
| CVE-2013-4391 | Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow. | [email protected] | 7.5 | 5.34% | 2013-10-28 | 2026-06-16 |
| CVE-2013-4327 | systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | [email protected] | 6.9 | 0.30% | 2013-10-03 | 2026-06-16 |