Openeuler
Products (11)
- 6 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-24897 | | High | 0.53 | 8.1 | 0.01 | | Mar 25, 2024 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.com/openeuler/A-Tune-Collector/blob/master/atune_co… |
| CVE-2024-24892 | | High | 0.53 | 8.1 | 0.01 | | Mar 25, 2024 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program… |
| CVE-2024-24890 | | High | 0.51 | 7.8 | 0.01 | | Mar 25, 2024 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.com/openeuler/gala-gopher/blob/master/src/probes/… |
| CVE-2024-24899 | | High | 0.47 | 7.2 | 0.02 | | Mar 25, 2024 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.com/openeuler/aops-zeus/blob/master/zeus/conf/const… |
| CVE-2021-33633 | | High | 0.47 | 7.3 | 0.01 | | Mar 23, 2024 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated with program files ceres/function/util.py. This issue affects aops-ceres: from… |
| CVE-2021-33632 | | High | 0.46 | 7.0 | 0.00 | | Mar 25, 2024 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.com/openeuler/iSulad/blob/master/src/cmd/isulad… |
| CVE-2021-33638 | | | 0.00 | — | 0.00 | | Oct 29, 2023 | When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container. |
| CVE-2021-33637 | | | 0.00 | — | 0.00 | | Oct 29, 2023 | When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container. |
| CVE-2021-33636 | | | 0.00 | — | 0.00 | | Oct 29, 2023 | When the isula load command is used to load malicious images, attackers can execute arbitrary code. |
| CVE-2021-33635 | | | 0.00 | — | 0.01 | | Oct 29, 2023 | When malicious images are pulled by isula pull, attackers can execute arbitrary code. |
| CVE-2021-33634 | | | 0.00 | — | 0.00 | | Oct 29, 2023 | iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS. |
| CVE-2021-33639 | | | 0.00 | — | 0.00 | | Mar 8, 2023 | REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified. |
| CVE-2021-33642 | | | 0.00 | — | 0.00 | | Jan 20, 2023 | When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function. |
| CVE-2021-33658 | | | 0.00 | — | 0.00 | | Mar 11, 2022 | atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration. |
| CVE-2021-33629 | | | 0.00 | — | 0.01 | | Jul 26, 2021 | isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data. |