38 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in multipath-tools

Multipath-tools versions 0.7.7 through 0.9.x, prior to 0.9.2, allowed local users to obtain root access. This vulnerability was exploited in conjunction with CVE-2022-41974. Local users who had access to /dev/shm could modify symlinks within multipathd due to incorrect symlink handling. This coul...

CVSS 7.8 | AI score 7.1 | EPSS 0.00231
Exploits: 4 | References: 2

F5 Networks
added 2026/01/13 6:2 p.m. | 8 views

K000159078: Podman vulnerability CVE-2024-3056

Security Advisory Description A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will...

CVSS 7.7 | AI score 6.6 | EPSS 0.00356
Exploits: 0

RedhatCVE
added 2026/01/09 9:36 a.m. | 3 views

CVE-2024-34455

Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2...

CVSS 7.5 | AI score 7.6 | EPSS 0.0019
Exploits: 0 | References: 1

NVD
added 2025/09/09 2:15 p.m. | 1 views

CVE-2025-47416

A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc.so imported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList. A third-party researcher discovered that the...

CVSS 5.9 | EPSS 0.00141
Exploits: 0 | References: 2

CVE
added 2025/09/09 1:52 p.m. | 8 views

CVE-2025-47416

CVE-2025-47416 affects Crestron touch panels TSW-760 and TSW-1060. The vulnerability resides in the ConsoleFindCommandMatchList function in libsymproc.so imported by ctpd, which may lead to unauthorized execution of an attacker-defined file prioritized by ConsoleFindCommandMatchList. The issue is...

CVSS 5.9 | AI score 6.5 | EPSS 0.00141
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-12779

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without...

CVSS 7.1 | AI score 7 | EPSS 0.00031
Exploits: 1 | References: 2

OSV
added 2024/08/02 9:16 p.m. | 2 views

AZL-49546 CVE-2024-3056 affecting package podman 4.1.1-26

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources...

CVSS 7.7 | AI score 7.3 | EPSS 0.00356
Exploits: 0 | References: 1

OSV
added 2024/08/02 9:16 p.m. | 1 views

AZL-49596 CVE-2024-3056 affecting package podman for versions less than 5.6.1-2

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources...

CVSS 7.7 | AI score 7.3 | EPSS 0.00356
Exploits: 0 | References: 1

OSV
added 2024/05/03 7:15 p.m. | 16 views

CVE-2024-34455

Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2...

CVSS 7.5 | AI score 6.6
Exploits: 0 | References: 5

NVD
added 2024/05/03 7:15 p.m. | 5 views

CVE-2024-34455

Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2...

CVSS 7.5 | AI score 6.6 | EPSS 0.0019
Exploits: 0 | References: 5

CVE
added 2024/05/03 12:0 a.m. | 72 views

CVE-2024-34455

CVE-2024-34455 affects Buildroot prior to version 0b2967e, due to missing sticky bit on /dev/shm. The issue is fixed in 2024.02.2; affected users should update to 2024.02.2 or later. Public sources (Red Hat, NVD, OSV, CVE lists) corroborate the description of the vulnerability and the fix. The CV...

CVSS 7.5 | AI score 6.8 | EPSS 0.0019
Exploits: 0 | References: 5

Cvelist
added 2024/05/03 12:0 a.m. | 10 views

CVE-2024-34455

Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2...

AI score 6.8 | EPSS 0.0019
Exploits: 0 | References: 5

Vulnrichment
added 2024/05/03 12:0 a.m. | 13 views

CVE-2024-34455

Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2...

AI score 7 | EPSS 0.0019
Exploits: 0 | References: 5

Positive Technologies
added 2024/05/03 12:0 a.m. | 3 views

PT-2024-25909 · Buildroot · Buildroot

Name of the Vulnerable Software and Affected Versions: Buildroot versions prior to 0b2967e Buildroot version 2024.02.2 and later are not affected, but all versions before 0b2967e are vulnerable. Since 2024.02.2 is the fixed version, we list all versions prior to 0b2967e as vulnerable. Description...

CVSS 7.5 | AI score 6.8 | EPSS 0.0019
Exploits: 0 | References: 12

Tenable Nessus
added 2024/03/05 12:0 a.m. | 33 views

RHEL 8 : device-mapper-multipath (RHSA-2024:1110)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1110 advisory. The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes:...

CVSS 7.8 | AI score 7.7 | EPSS 0.00231
Exploits: 4 | References: 5

Tenable Nessus
added 2023/04/27 12:0 a.m. | 21 views

EulerOS Virtualization 2.9.1 : multipath-tools (EulerOS-SA-2023-1643)

According to the versions of the multipath-tools packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction...

CVSS 7.8 | AI score 7.4 | EPSS 0.00231
Exploits: 5 | References: 3

SUSE CVE
added 2023/02/15 5:37 a.m. | 1 views

SUSE CVE-2013-2905

The SharedMemory::Create function in memory/sharedmemoryposix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file...

CVSS 5 | AI score 5.9 | EPSS 0.00135
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 3:23 a.m. | 1 views

SUSE CVE-2022-41973

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside o...

CVSS 6.2 | AI score 7.6 | EPSS 0.00231
Exploits: 4 | References: 9

Tenable Nessus
added 2023/02/08 12:0 a.m. | 23 views

EulerOS 2.0 SP8 : device-mapper-multipath (EulerOS-SA-2023-1310)

According to the versions of the device-mapper-multipath packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with...

CVSS 7.8 | AI score 7.4 | EPSS 0.00231
Exploits: 5 | References: 3

Microsoft CVE
added 2022/11/09 8:0 a.m. | 3 views

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.

...

CVSS 7.8 | AI score 7.6 | EPSS 0.00231
Exploits: 5