CVE-2023-53785 mt76: mt7921: don't assume adequate headroom for SDIO headers

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: don't assume adequate headroom for SDIO headers mt7921usbsdiotxprepareskb calls mt7921usbsdiowritetxwi and mt7921skbaddusbsdiohdr, both of which blindly assume that adequate headroom will be available in the passed...

SUSE CVE-2025-52890

Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options security.macfiltering, security.ipv4filtering and security.ipv6filtering. This can lead to ARP...

CVE-2024-24760

CVE-2024-24760 affects mailcow, a dockerized mail suite, with exposed dockerized ports. The root issue: containers on a bridged network are reachable from the same subnet even when ports are bound to 127.0.0.1, enabling potential access to exposed ports. Affected versions are prior to 2024-01c. T...

CVE-2024-23824 mailcow ipixel flood attack leads to Denial of Service in admin page

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the...

CVE-2024-23824 mailcow ipixel flood attack leads to Denial of Service in admin page

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the...

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO Generic Receive Offload functionality was enabled in a bridged network configuration. An attacker on the local network could...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20151103)

A flaw was found in the way the Linux kernel's VFS subsystem handled file system locks. A local, unprivileged user could use this flaw to trigger a deadlock in the kernel, causing a denial of service on the system. CVE-2014-8559, Moderate A buffer overflow flaw was found in the way the Linux...

Moderate: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Updated kernel packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detaile...

libvirt: unintended firewall port exposure after restarting libvirtd when defining a bridged forward-mode network

The networkReloadIptablesRules function in network/bridgedriver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a 1 DNS or 2 DHCP query...