Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : systemd-239-45.el8 (AXSA:2021-2177:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2177:05 advisory. systemd: Spoofing of XDGSEAT allows for actions to be checked against allowactive instead of allowany CVE-2019-3842 systemd: Mishandles numerical...

7CVSS6.6AI score0.01217EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.5 views

SUSE CVE-2019-3842

In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...

4.5CVSS7AI score0.01217EPSS
Exploits3References31
RedHat Linux
RedHat Linux
added 2021/05/18 3:28 p.m.5 views

systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any"

It was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polkit policies using the...

7CVSS7.2AI score0.01217EPSS
Exploits3References4
Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.5 views

In systemd before v242-rc4 it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker in some particular configurations to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

...

7CVSS5.3AI score0.01217EPSS
Exploits3
BDU FSTEC
BDU FSTEC
added 2019/06/06 12:0 a.m.6 views

The vulnerability of the pam_systemd module of the systemd daemon, related to the improper use of environmental variables, allows a attacker to compromise the confidentiality, integrity, and accessibility of protected data.

The vulnerability of the pamsystemd module in the systemd initialization daemon is related to improper cleaning of the environment before using the variable XDGSEAT. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected data...

7CVSS5.8AI score0.01217EPSS
Exploits3References12Affected Software6
OSV
OSV
added 2019/04/08 12:0 a.m.3 views

UBUNTU-CVE-2019-3842

In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...

7CVSS6.1AI score0.01217EPSS
Exploits3References3
Rows per page
Query Builder