14 matches found
Astra Linux – Vulnerability in docker.io-app
Moby is an open-source container framework developed by Docker Inc., distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby versions prior to 28.0.0. When firewalld is reloaded, Docker fails to recreate...
EUVD-2011-4524
Malware in sbrugna...
Network Isolation Bypass
github.com/moby/moby is vulnerable to network isolation bypass. The vulnerability is due to Docker failing to re-create iptables rules isolating bridge networks after firewalld reload, which allows an attacker to access all ports of containers across different bridge networks on the same host,...
UBUNTU-CVE-2025-54410
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create...
GO-2025-3781 Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks in github.com/lxc/incus
Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks in github.com/lxc/incus...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the improper enforcement of resource limits in the nftables rules generation process for managed bridge networks. An attacker can exhaust the DHCP pool and disrupt network...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the improper enforcement of resource limits in the nftables rules generation process for managed bridge networks. An attacker can exhaust the DHCP pool and disrupt network...
CVE-2025-52890 Incus vulnerable to antispoofing nftables firewall rule bypass on bridge networks with ACLs
Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options security.macfiltering, security.ipv4filtering and security.ipv6filtering. This can lead to ARP...
CVE-2025-52890
Incus CVE-2025-52890 affects the Incus system container/VM manager; versions 6.12 and 6.13 generate nftables rules when an ACL is used on a bridge-connected device, which partially bypasses security.mac_filtering, security.ipv4_filtering and security.ipv6_filtering. This can enable ARP spoofing o...
CVE-2025-52889
Incus (system container/VM manager) on versions 6.12–6.13 is vulnerable when an ACL on a bridge-connected device is used: nftables rules for local services can bypass security.mac_filtering, security.ipv4_filtering, and security.ipv6_filtering, enabling DHCP pool exhaustion and potential further ...
Authorization Bypass
libvirt is vulnerable to authorization bypass attacks. The vulnerability exists as the networkReloadIptablesRules function of network/bridgedriver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to...
CVE-2011-4600
The networkReloadIptablesRules function in network/bridgedriver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a 1 DNS or 2 DHCP query...
DEBIAN-CVE-2011-4600
The networkReloadIptablesRules function in network/bridgedriver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a 1 DNS or 2 DHCP query...
UBUNTU-CVE-2011-4600
The networkReloadIptablesRules function in network/bridgedriver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a 1 DNS or 2 DHCP query...