897 matches found
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003938)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003938 advisory. A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user with root or CAPNETADMIN when inserting iptables rules...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004449)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004449 advisory. A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user with root or CAPNETADMIN when inserting iptables rules...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001658)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001658 advisory. The tcpmssmanglepacket function in net/netfilter/xtTCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001480)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001480 advisory. A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user with root or CAPNETADMIN when inserting iptables rules...
CVE-2026-23766
Istio through 1.28.2 allows iptables rule injection for changing firewall behavior via the traffic.sidecar.istio.io/excludeInterfaces annotation. NOTE: the reporter's position is "this doesn't represent a security vulnerability pod creators can already exclude sidecar injection entirely."...
CVE-2026-23766
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2026-23766
...
EUVD-2026-2704
Istio through 1.28.2 allows iptables rule injection for changing firewall behavior via the traffic.sidecar.istio.io/excludeInterfaces annotation. NOTE: the reporter's position is "this doesn't represent a security vulnerability pod creators can already exclude sidecar injection entirely."...
CVE-2026-23766
...
CVE-2026-23766
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2026-23766
Istio (through 1.28.2) is affected. A local, low-privilege user can inject iptables firewall rules via the traffic.sidecar.istio.io/excludeInterfaces annotation to alter firewall behavior, potentially impacting system integrity. Public descriptions acknowledge this may not represent a traditional...
PT-2026-3101
Name of the Vulnerable Software and Affected Versions Istio versions through 1.28.2 Description Istio versions through 1.28.2 permit the injection of iptables rules, potentially altering firewall behavior. This is achieved through the traffic.sidecar.istio.io/excludeInterfaces annotation. The...
Istio parameter injection vulnerability
Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.2 have a parameter injection vulnerability. This vulnerability stems from the ability to inject iptables rules through annotations, thereby changing the firewall’s behavior...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003015)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003015 advisory. The tcpmssmanglepacket function in net/netfilter/xtTCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003148)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003148 advisory. The tcpmssmanglepacket function in net/netfilter/xtTCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of...
CVE-2025-67499
A flaw was found in the CNI Container Network Interface portmap plugin. This vulnerability allows containers to intercept all traffic destined for a host port via inadvertent forwarding of traffic with the same destination port when the plugin is configured with the nftables backend, ignoring the...
CVE-2025-67499
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
CVE-2025-67499 CNI Plugins Portmap nftables backend intercepts non-local traffic
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
CVE-2025-67499 CNI Plugins Portmap nftables backend intercepts non-local traffic
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
TencentOS Server 3: kernel (TSSA-2024:1025)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1025 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...