83 matches found
Design/Logic Flaw
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...
DEBIAN-CVE-2021-20177
A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user with root or CAPNETADMIN when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected...
Information disclosure
A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user with root or CAPNETADMIN when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected...
kernel: netfilter: use-after-free in the packet processing context
A use-after-free flaw was found in the packet processing context in net/netfilter/xtables.c in netfilter in the Linux Kernel. This issue occurs when the per-CPU sequence count is mishandled during concurrent iptables rules replacement and can be exploited with the CAPNETADMIN capability in an...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9038)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9038 advisory. - netfilter: add and use nfhookslowlist Florian Westphal Orabug: 32372530 CVE-2021-20177 - target: fix XCOPY NAA identifier lookup David Disseldorp...
Debian DLA-2557-1 : linux-4.19 security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-27815 A flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial o...
CVE-2021-20177
A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user with root or CAPNETADMIN when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected...
UBUNTU-CVE-2021-20177
A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user with root or CAPNETADMIN when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected...
Important: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update
Red Hat OpenShift Container Platform release 3.11.170 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...
UBUNTU-CVE-2019-9946
Cloud Native Computing Foundation CNCF CNI Container Networking Interface 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE-...
Design/Logic Flaw
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources...
CVE-2017-8217
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface...
DEBIAN-CVE-2011-4600
The networkReloadIptablesRules function in network/bridgedriver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a 1 DNS or 2 DHCP query...
RHEL 7 : kernel (RHSA-2016:0103)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0103 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the x86 ISA Instruction Set...
JShielder - LAMP/LEMP Secure Deployment
JSHielder is an Open Source tool developed to help SysAdmin and developers secure there Linux Servers in which they will be deploying any web application. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux server with little...
[SECURITY] Fedora 21 Update: perl-IPTables-Parse-1.5-2.fc21
The IPTables::Parse package provides an interface to parse iptables rules on Linux systems through the direct execution of iptables commands, or from parsing a file that contains an iptables policy listing. You can get the current policy applied to a table/chain, look for a specific user-defined...
SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. The BIG-IP/BIG-IQ/Enterprise Manager software contains vulnerable code SCTP kernel module, but the code is not enabled by...
kernel: iptables restriction bypass if a protocol handler kernel module not loaded
A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol SCTP case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking...
DEBIAN-CVE-2014-8160
net/netfilter/nfconntrackprotogeneric.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with...
UBUNTU-CVE-2014-8160
net/netfilter/nfconntrackprotogeneric.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with...