Количество 9
Количество 9
BDU:2024-10469
Уязвимость функции instance_create программы для мониторинга и адаптивной настройки системных устройств tuned, позволяющая нарушителю выполнить произвольный код
ROS-20250110-04
Множественные уязвимости tuned
CVE-2024-52336
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
CVE-2024-52336
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
CVE-2024-52336
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
CVE-2024-52336
CVE-2024-52336
A script injection vulnerability was identified in the Tuned package. ...
GHSA-cfjc-m7fv-63xj
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
ELSA-2024-10384
ELSA-2024-10384: tuned security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-10469 Уязвимость функции instance_create программы для мониторинга и адаптивной настройки системных устройств tuned, позволяющая нарушителю выполнить произвольный код | CVSS3: 7.8 | 0% Низкий | 7 месяцев назад |
 | ROS-20250110-04 Множественные уязвимости tuned | CVSS3: 7.8 | 5 месяцев назад | |
 | CVE-2024-52336 A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | CVSS3: 7.8 | 0% Низкий | 7 месяцев назад |
 | CVE-2024-52336 A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | CVSS3: 7.8 | 0% Низкий | 7 месяцев назад |
 | CVE-2024-52336 A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | CVSS3: 7.8 | 0% Низкий | 7 месяцев назад |
 | CVSS3: 7.8 | 0% Низкий | 6 месяцев назад | |
| CVE-2024-52336 A script injection vulnerability was identified in the Tuned package. ... | CVSS3: 7.8 | 0% Низкий | 7 месяцев назад |
| GHSA-cfjc-m7fv-63xj A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | CVSS3: 7.8 | 0% Низкий | 7 месяцев назад |
| ELSA-2024-10384 ELSA-2024-10384: tuned security update (IMPORTANT) | 7 месяцев назад |
Уязвимостей на страницу