CVE-2026-46244

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nftinner module. This vulnerability arises from an incorrect handling of IPv6 inner packet processing, where the transport header offset innerthoff becomes desynchronized from the Layer 4 protocol l4proto. A remot...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Net: libwx: fixed the Tx L4 checksum. The hardware only supports L4 checksum offloading for TCP/UDP/SCTP protocols. There was a bug in setting the Tx checksum flag for other protocols, which resulted in a Tx ring hang. This issue...

net: libwx: fix Tx L4 checksum

...

Linux Distros Unpatched Vulnerability : CVE-2021-36213

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing th...

Linux Distros Unpatched Vulnerability : CVE-2025-22101

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix Tx L4 checksum The hardware only supports L4 checksum offload for TCP/UDP/SC...

CVE-2025-20221

A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this...

CVE-2025-20221

A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this...

SUSE CVE-2025-22101

In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix Tx L4 checksum The hardware only supports L4 checksum offload for TCP/UDP/SCTP protocol. There was a bug to set Tx checksum flag for the other protocol that results in Tx ring hang. Fix to compute software checksu...

UBUNTU-CVE-2025-22101

In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix Tx L4 checksum The hardware only supports L4 checksum offload for TCP/UDP/SCTP protocol. There was a bug to set Tx checksum flag for the other protocol that results in Tx ring hang. Fix to compute software checksu...

kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: sanitize layer 3 and 4 protocol number in custom expectations The Linux kernel CVE team has assigned CVE-2024-26673 to this issue. Upstream advisory:...

kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: sanitize layer 3 and 4 protocol number in custom expectations The Linux kernel CVE team has assigned CVE-2024-26673 to this issue. Upstream advisory:...

DEBIAN-CVE-2024-26673

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTOIPV4,IPV6,INET. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for...

appneta tcpreplay 安全漏洞

Appneta Tcpreplay is a suite of open source utilities for editing and replaying network traffic on UNIX-based operating systems from Appneta, Inc. A security vulnerability exists in appneta tcpreplay 4.4.4 and earlier versions, which stems from a buffer overflow vulnerability in the function...

Meta Katran Security Vulnerability

Meta Katran is a C++ library and BPF program from Meta Corporation. It is used to build high-performance Layer 4 load-balanced forwarding planes. A security vulnerability exists in Meta Katran that stems from the ability to expose uninitialized kernel memory as part of an IP header...

SUSE CVE-2019-8376

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function getlayer4v6 located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service Segmentation fault or possibly have...

SUSE CVE-2022-27939

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in getlayer4v6 in common/get.c...

PT-2022-18707 · Tcpreplay +2 · Tcpreplay +2

Name of the Vulnerable Software and Affected Versions: Tcpreplay version 4.4.1 Description: The issue is related to a reachable assertion in the get layer4 v6 function located in common/get.c. This assertion is reachable in tcprewrite, a component of Tcpreplay. Recommendations: For Tcpreplay...

UBUNTU-CVE-2021-36213

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1...

PT-2021-21178 · Hashicorp · Hashicorp Consul +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.9.0 through 1.10.0 Description: The issue arises when a default deny policy with a single L7 application-aware intention deny action is used, causing the intention to incorrectly fail open and...

CVE-2020-3444

A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by...