Dbearzhu@Huawei.Com

**Name of the Vulnerable Software and Affected Versions** openEuler iSulad version 2.0.18-13 openEuler iSulad versions 2.1.4-1 through 2.1.4-2 **Description** The issue is a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux, allowing the leveraging of Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files, specifically the main.C file in the iSulad repository. **Recommendations** For openEuler iSulad version 2.0.18-13, update to a version that addresses the TOCTOU Race Condition vulnerability. For openEuler iSulad versions 2.1.4-1 through 2.1.4-2, update to a version that addresses the TOCTOU Race Condition vulnerability. As a temporary workaround, consider restricting access to the vulnerable program files, specifically the main.C file, until a patch is available.

**Name of the Vulnerable Software and Affected Versions** openEuler A-Tune-Collector versions 1.1.0-3 through 1.3.0 **Description** The issue is related to an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. This vulnerability allows Command Injection in openEuler A-Tune-Collector on Linux. The vulnerability is associated with program files atune collector/plugin/monitor/process/sched.py. **Recommendations** For versions 1.1.0-3 through 1.3.0, consider disabling the vulnerable `sched.py` module until a patch is available. Restrict access to the vulnerable `atune collector` plugin to minimize the risk of exploitation. Avoid using the `process` monitor functionality in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.