897 matches found
Configure Proper Policies for INPUT of iptables
The INPUT chain is used to filter packets received from external systems. For any service provided for external systems, configure the corresponding INPUT policy and enable the related port so that external clients can access the service through the port. If the policy is not set, all packets tha...
Configure Proper Association Policies for INPUT and OUTPUT of iptables
Although you can configure protocols, IP addresses, and port numbers to add policies for packets entering and leaving a server to the INPUT and OUTPUT chains, it is difficult to configure suitable policies using the sport parameter due to complicated situations. For example, a client accesses the...
CVE-2025-59692
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other software e.g., UFW,...
CVE-2025-59692
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other software e.g., UFW,...
UBUNTU-CVE-2025-59692
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other software e.g., UFW,...
PT-2025-38497
Name of the Vulnerable Software and Affected Versions PureVPN versions 2.0.1 and 2.10.0 Description PureVPN client applications on Linux mishandle firewalling. The applications flush existing iptables rules and apply default ACCEPT policies when connecting to a VPN server, removing previously...
CVE-2025-59692
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other software e.g., UFW,...
GHSA-2GCV-3QPF-C5QR Chaos Controller Manager is vulnerable to OS command injection
The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...
Chaos Controller Manager is vulnerable to OS command injection
The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...
CVE-2025-59361
The provided connected sources confirm CVE-2025-59361 pertains to Chaos Mesh’s Chaos Controller Manager, specifically an OS command injection in the mutation path (cleanIptables). The related entry CVE-2025-59358 describes an unauthenticated exposure via a GraphQL debugging surface that can kill ...
Chaos Mesh 操作系统命令注入漏洞
Chaos Mesh is an open source cloud-native engineering platform from Chaos Mesh Open Source. Chaos Mesh suffers from an OS command injection vulnerability that stems from the presence of OS command injection in cleanIptables, which could lead to remote code execution...
Linux Distros Unpatched Vulnerability : CVE-2020-0347
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution...
Linux Distros Unpatched Vulnerability : CVE-2019-9946
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cloud Native Computing Foundation CNCF CNI Container Networking Interface 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI...
Linux Distros Unpatched Vulnerability : CVE-2025-54388
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstre...
Linux Distros Unpatched Vulnerability : CVE-2016-4998
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The IPTSOSETREPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2021-20177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user with root or CAPNETADMIN when inserting iptables rul...
Linux Distros Unpatched Vulnerability : CVE-2024-42270
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix null-ptr- deref in iptablenattableinit. We had a report that...
Linux Distros Unpatched Vulnerability : CVE-2025-22021
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: socket: Lookup orig tuple for IPv6 SNAT nfsklookupslowv4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, ...
Docker Engine 28.2 < 28.3.3 Local Docker Ports Exposed to Network
The version of the Docker Engine Moby installed on the remote host is between 28.2.0 to 28.3.2 It is therefore affected by an vulnerability that exposes local ports to the network. When the firewalld service is reloaded it removes all iptables rules including those created by Docker. While Docker...
SUSE CVE-2025-54388
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including...