systemd (SUSE:Linux Enterprise Software Development Kit 12 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Software Development Kit 12 SP4 package systemd, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2018-15688 — CVSS 8.8 (high): A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in…
CVE-2018-16864 — CVSS 7.8 (high): An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in…
CVE-2018-16865 — CVSS 7.8 (high): An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in…
CVE-2020-1712 — CVSS 7.8 (high): A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while…
CVE-2018-6954 — CVSS 7.8 (high): systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain…
CVE-2018-15686 — CVSS 7.8 (high): A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess…
CVE-2019-3842 — CVSS 7.0 (high): In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT…
CVE-2019-6454 — CVSS 5.5 (medium): An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack…
CVE-2018-16866 — CVSS 3.3 (low): An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local…
CVE-2019-20386 — CVSS 2.4 (low): An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory…