3891 matches found
CVE-2026-40228
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...
CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
CVE-2026-40227
CVE-2026-40227 affects systemd 260 prior to 261. A local unprivileged user can trigger an assertion via an IPC API call when passing an array or map that contains a null element. The vulnerability leads to a crash (assertion failure) rather than a remote compromise, with impact on availability as...
CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
CVE-2026-40226
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...
CVE-2026-40226
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...
CVE-2026-40226
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...
CVE-2026-40226
The CVE affects systemd-nspawn: versions 233–259 (before 260) are vulnerable. A crafted optional config file can trigger an escape-to-host action. Root cause is not detailed beyond this vector in the provided docs. Remediation implied by the reference is upgrading to systemd 260 or later to mitig...
CVE-2026-40225
The CVE-2026-40225 entry concerns udev in systemd prior to 260, where local root access can result from malicious hardware devices and unsanitized kernel output. The vulnerability affects the systemd/udev component and is described with a CVSSv3.1 base score of 6.4 (MEDIUM), with attack vector Ph...
CVE-2026-40225
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output...
CVE-2026-40225
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output...
CVE-2026-40225
In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output...
CVE-2026-40224
In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...
CVE-2026-40224
In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...
CVE-2026-40224
CVE-2026-40224 concerns a local privilege escalation in systemd-machined: in systemd 259 before 260, varlink can be used to reach the root namespace, enabling elevation of privileges. The vulnerability affects the systemd component and is tied to root namespace handling via varlink. The provided ...
CVE-2026-40224
In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...
CVE-2026-40223
In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...
CVE-2026-40223
Affected software: systemd, versions 258 prior to 260. Vulnerability: local unprivileged user can trigger an assertion if a Delegate=yes and User= unit exists and is running. Root cause: assertion path in systemd when the unit condition is met. Impact: results in an assertion (denial of service v...