Количество 10
Количество 10
BDU:2024-10469
Уязвимость функции instance_create программы для мониторинга и адаптивной настройки системных устройств tuned, позволяющая нарушителю выполнить произвольный код
ROS-20250110-04
Множественные уязвимости tuned
CVE-2024-52336
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
CVE-2024-52336
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
CVE-2024-52336
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
CVE-2024-52336
CVE-2024-52336
A script injection vulnerability was identified in the Tuned package. ...
GHSA-cfjc-m7fv-63xj
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
RLSA-2024:10384
Important: tuned security update
ELSA-2024-10384
ELSA-2024-10384: tuned security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-10469 Уязвимость функции instance_create программы для мониторинга и адаптивной настройки системных устройств tuned, позволяющая нарушителю выполнить произвольный код | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
 | ROS-20250110-04 Множественные уязвимости tuned | CVSS3: 7.8 | около 1 года назад | |
 | CVE-2024-52336 A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
 | CVE-2024-52336 A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
 | CVE-2024-52336 A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
 | CVSS3: 7.8 | 0% Низкий | около 1 года назад | |
| CVE-2024-52336 A script injection vulnerability was identified in the Tuned package. ... | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
| GHSA-cfjc-m7fv-63xj A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
 | RLSA-2024:10384 Important: tuned security update | 10 месяцев назад | ||
| ELSA-2024-10384 ELSA-2024-10384: tuned security update (IMPORTANT) | около 1 года назад |
Уязвимостей на страницу