{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T03:47:35.410","vulnerabilities":[{"cve":{"id":"CVE-2024-52337","sourceIdentifier":"secalert@redhat.com","published":"2024-11-26T16:15:17.717","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations."},{"lang":"es","value":"Se encontró una falla de suplantación de registros en el paquete Tuned debido a una desinfección incorrecta de algunos argumentos de la API. Esta falla permite a un atacante pasar una secuencia controlada de caracteres; se pueden insertar nuevas líneas en el registro. En lugar de la línea 'evil', el atacante podría imitar una línea de registro válida de TuneD y engañar al administrador. Las comillas '' se utilizan generalmente en los registros de TuneD que citan la entrada del usuario sin procesar, por lo que siempre habrá el carácter ' al final de la entrada suplantada, y el administrador puede pasarlo por alto fácilmente. Esta cadena registrada se utiliza más tarde en el registro y en la salida de utilidades, por ejemplo, `tuned-adm get_instances` u otros programas de terceros que utilizan la interfaz D-Bus de Tuned para tales operaciones."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:10381","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:10384","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2024:11161","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0195","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0327","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0368","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0879","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0880","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:0881","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:1785","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:1802","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-52337","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2324541","source":"secalert@redhat.com"},{"url":"https://security.opensuse.org/2024/11/26/tuned-instance-create.html","source":"secalert@redhat.com"},{"url":"https://www.openwall.com/lists/oss-security/2024/11/28/1","source":"secalert@redhat.com"},{"url":"https://security.opensuse.org/2024/11/26/tuned-instance-create.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.openwall.com/lists/oss-security/2024/11/28/2","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}