rpm package
almalinux/tuned-profiles-mssql
pkg:rpm/almalinux/tuned-profiles-mssql
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-52337 | Med | 5.5 | < 2.24.0-2.el9_5.alma.1 | 2.24.0-2.el9_5.alma.1 | Nov 26, 2024 | A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log | |
| CVE-2024-52336 | Hig | 7.8 | < 2.24.0-2.el9_5.alma.1 | 2.24.0-2.el9_5.alma.1 | Nov 26, 2024 | A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` op |
- affected < 2.24.0-2.el9_5.alma.1fixed 2.24.0-2.el9_5.alma.1
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log
- affected < 2.24.0-2.el9_5.alma.1fixed 2.24.0-2.el9_5.alma.1
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` op