3891 matches found
CVE-2026-40223
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...
CVE-2026-40223
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...
CVE-2026-40228
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...
CVE-2026-40224
In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...
CVE-2026-40225
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output...
UBUNTU-CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
UBUNTU-CVE-2026-40228
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...
UBUNTU-CVE-2026-40224
In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...
CVE-2026-40226
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...
CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
UBUNTU-CVE-2026-40223
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...
UBUNTU-CVE-2026-40226
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...
UBUNTU-CVE-2026-40225
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output...
Use of Less Trusted Source
Overview Affected versions of this package are vulnerable to Use of Less Trusted Source via the nspawn process. An attacker can gain unauthorized access to the host system by supplying a crafted optional configuration file. Remediation A fix was pushed into the master branch but not yet published...
Comparison Using Wrong Factors
Overview Affected versions of this package are vulnerable to Comparison Using Wrong Factors in the IPC API call process when an array or map containing a null element is provided. An attacker can cause a system crash by sending specially crafted IPC API requests. Remediation A fix was pushed into...
Incorrect Behavior Order
Overview Affected versions of this package are vulnerable to Incorrect Behavior Order in the Delegate process when the User parameter is unset and the unit is running. An attacker can cause a system service to terminate unexpectedly by creating or manipulating a unit with these settings. This is...
CVE-2026-40228
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...
CVE-2026-40228
In systemd 259, the vulnerability affects the systemd-journald component. When a user executes a command like logger -p emerg and ForwardToWall=yes is set, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users. This is triggered by the ForwardToWall setting and does ...
CVE-2026-40228
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...
CVE-2026-40228
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...