MiracleLinux 9 : tuned-2.24.0-2.el9_5.ML.1 (AXSA:2024-9446:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9446:06 advisory. tuned: scriptpre and scriptpost options allow to pass arbitrary scripts executed by root CVE-2024-52336 tuned: improper sanitization of instancename...

Linux Distros Unpatched Vulnerability : CVE-2024-52336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A script injection vulnerability was identified in the Tuned package. The instancecreate D-Bus function can be called by locally logged-in users without...

tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

...

SUSE CVE-2024-52336

A script injection vulnerability was identified in the Tuned package. The instancecreate D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with scriptpre or scriptpost options that permit arbitrary...

tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

tuned 安全漏洞

tuned is tuned open source server-side program for a dynamic system tuning tool. The program is mainly used to monitor and collect data from various system components, and dynamically adjust system settings based on the information provided by the data. tuned has a security vulnerability that...