Количество 10
Количество 10
BDU:2024-10469
Уязвимость функции instance_create программы для мониторинга и адаптивной настройки системных устройств tuned, позволяющая нарушителю выполнить произвольный код
ROS-20250110-04
Множественные уязвимости tuned
CVE-2024-52336
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
CVE-2024-52336
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
CVE-2024-52336
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
CVE-2024-52336
Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root
CVE-2024-52336
A script injection vulnerability was identified in the Tuned package. ...
GHSA-cfjc-m7fv-63xj
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
RLSA-2024:10384
Important: tuned security update
ELSA-2024-10384
ELSA-2024-10384: tuned security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-10469 Уязвимость функции instance_create программы для мониторинга и адаптивной настройки системных устройств tuned, позволяющая нарушителю выполнить произвольный код | CVSS3: 7.8 | 0% Низкий | 12 месяцев назад |
 | ROS-20250110-04 Множественные уязвимости tuned | CVSS3: 7.8 | 10 месяцев назад | |
 | CVE-2024-52336 A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | CVSS3: 7.8 | 0% Низкий | 12 месяцев назад |
 | CVE-2024-52336 A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | CVSS3: 7.8 | 0% Низкий | 12 месяцев назад |
 | CVE-2024-52336 A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | CVSS3: 7.8 | 0% Низкий | 12 месяцев назад |
 | CVE-2024-52336 Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root | CVSS3: 7.8 | 0% Низкий | 11 месяцев назад |
| CVE-2024-52336 A script injection vulnerability was identified in the Tuned package. ... | CVSS3: 7.8 | 0% Низкий | 12 месяцев назад |
| GHSA-cfjc-m7fv-63xj A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | CVSS3: 7.8 | 0% Низкий | 12 месяцев назад |
 | RLSA-2024:10384 Important: tuned security update | 8 месяцев назад | ||
| ELSA-2024-10384 ELSA-2024-10384: tuned security update (IMPORTANT) | 12 месяцев назад |
Уязвимостей на страницу