2 matches found
CVE-2023-7008
CVE-2023-7008 affects systemd-resolved in systemd by allowing DNSSEC-signed domains to be accepted even when unsigned, enabling record manipulation by an attacker via MITM or upstream resolver. Connected advisories confirm a fix is available in patched systemd packages (e.g., Debian 247.3-7+deb11...
CVE-2012-0871
CVE-2012-0871 concerns systemd-logind’s session_link_x11_socket vulnerability in systemd (possibly 37 and earlier). A local user can exploit a symlink attack on /run/user/ to create or overwrite arbitrary files via login/logind-session.c. Multiple sources confirm the issue and describe affected c...