9 matches found
SUSE CVE-2023-3390
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nftablesapi.c. Mishandled error handling with NFTMSGNEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local...
CVE-2024-23169
The web interface in RSA NetWitness 11.7.2.0 allows Cross-Site Scripting XSS via the Where textbox on the Reports screen during new rule creation...
CVE-2024-23169
The CVE-2024-23169 vulnerability affects RSA NetWitness Platform (NetWitness) 11.7.2.0, where the web interface allows Cross-Site Scripting (XSS) via the Where textbox on the Reports screen during new rule creation. The available connected documents confirm the affected product and the specific U...
kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE
A use-after-free vulnerability was found in the netfilter: nftables component in the Linux kernel due to a missing error handling in the abort path of NFTMSGNEWRULE. This flaw allows a local attacker with CAPNETADMIN access capability to cause a local privilege escalation problem...
kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE
A use-after-free vulnerability was found in the netfilter: nftables component in the Linux kernel due to a missing error handling in the abort path of NFTMSGNEWRULE. This flaw allows a local attacker with CAPNETADMIN access capability to cause a local privilege escalation problem...
kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE
A use-after-free vulnerability was found in the netfilter: nftables component in the Linux kernel due to a missing error handling in the abort path of NFTMSGNEWRULE. This flaw allows a local attacker with CAPNETADMIN access capability to cause a local privilege escalation problem...
The vulnerability of the Netfilter subsystem in Linux operating systems allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Netfilter subsystem in Linux operating systems is related to the use of memory after it is freed during the processing of the NFTMSGNEWRULE parameter. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of th...
UBUNTU-CVE-2023-3390
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nftablesapi.c. Mishandled error handling with NFTMSGNEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local...
Cross-site Scripting (XSS) - Stored
Stored-xss is possible when adding a rule. Create a new Alert Rule like below and adjust the query like below with the following payload " Save the rule and see a xss-pop up...