Debian Tuned vulnerabilities

CVE-2024-52337 [MEDIUM] CVE-2024-52337: tuned - A log spoofing flaw was found in the Tuned package due to improper sanitization ... A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing r

CVE-2024-52336 [HIGH] CVE-2024-52336: tuned - A script injection vulnerability was identified in the Tuned package. The `insta... A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or

CVE-2013-1820 [MEDIUM] CVE-2013-1820: tuned - tuned before 2.x allows local users to kill running processes due to insecure pe... tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2012-6136 [MEDIUM] CVE-2012-6136: tuned - tuned 2.10.0 creates its PID file with insecure permissions which allows local u... tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved