2 matches found
CVE-2019-3842
The CVE-2019-3842 issue affects systemd’s pam_systemd, where improper sanitization of the XDG_SEAT environment variable could enable commands to be checked against polkit policies using the "allow_active" element instead of "allow_any" in some configurations. This is a local vulnerability (enviro...
CVE-2018-20839
The CVE-2018-20839 entry concerns systemd 242, where a mishandled KDGKBMODE (current keyboard mode) check causes VT1 mode changes on logout. This can allow an attacker with physical access (watching shutdown or switching TTYs via Ctrl-Alt-F1/F2) to read cleartext passwords in certain scenarios. T...