OpenEuler Security Vulnerabilities

CVE-2024-24892

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files...

CVE-2024-24898

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C. This issue affects...

CVE-2024-24899

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py. This issue....

CVE-2024-24891

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C. This issue affects...

CVE-2021-33632

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C. This...

CVE-2021-33633

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated with program files ceres/function/util.Py. This issue affects aops-ceres: from 1.3.0 through...

CVE-2024-24897

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files...

CVE-2024-24890

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files...

CVE-2021-33630

NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C. This issue affects openEuler kernel: from 4.19.90 before...

CVE-2021-33631

Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before...

CVE-2021-33635

When malicious images are pulled by isula pull, attackers can execute arbitrary...

CVE-2021-33636

When the isula load command is used to load malicious images, attackers can execute arbitrary...

CVE-2021-33637

When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the...

CVE-2021-33634

iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause...

CVE-2021-33638

When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the...

CVE-2021-33640

After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used...

CVE-2021-33642

When a file is processed, an infinite loop occurs in next_inline() of the more_curly()...

CVE-2021-33641

When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after...

CVE-2021-33658

atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default...

CVE-2021-33629

isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing...