17 matches found
Improper Traffic Filtering
github.com/containernetworking/plugins is vulnerable to improper traffic filtering. The vulnerability is due to incorrect handling of destination IP when using the nftables backend, which allows an attacker to intercept unintended traffic destined for the same host port across containers...
SUSE CVE-2025-67499
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
CVE-2025-67499
A flaw was found in the CNI Container Network Interface portmap plugin. This vulnerability allows containers to intercept all traffic destined for a host port via inadvertent forwarding of traffic with the same destination port when the plugin is configured with the nftables backend, ignoring the...
Linux Distros Unpatched Vulnerability : CVE-2025-67499
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently...
CVE-2025-67499
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
UBUNTU-CVE-2025-67499
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
Plugins 信息泄露漏洞
Plugins are a number of CNI open source reference and example network plugins. An information disclosure vulnerability exists in Plugins versions 1.6.0 through 1.8.0, which stems from a misconfiguration of the nftables backend that could lead to traffic interception...
CVE-2025-67499 CNI Plugins Portmap nftables backend intercepts non-local traffic
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
CVE-2025-67499
The CVE-2025-67499 issue affects the CNI portmap plugin (versions 1.6.0–1.8.0) when configured with the nftables backend: it forwards all traffic sharing the host port, ignoring the destination IP, enabling containers requesting HostPort forwarding to intercept traffic not intended for the node. ...
CVE-2025-67499 CNI Plugins Portmap nftables backend intercepts non-local traffic
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
CVE-2025-67499 CNI Plugins Portmap nftables backend intercepts non-local traffic
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
CVE-2025-67499
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
GHSA-JV3W-X3R3-G6RM CNA Plugins Portmap nftables backend can intercept non-local traffic
Background The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. For example, if a host has the IP 198.51.100.42, a container may request that all packets to 198.51.100.42:53 be forwarded to the container's network. Vulnerability When t...
EUVD-2025-202173
CNA Plugins Portmap nftables backend can intercept non-local traffic...
PT-2025-50280
Name of the Vulnerable Software and Affected Versions CNI portmap plugin versions 1.6.0 through 1.8.0 Description The CNI portmap plugin flaw allows containers to intercept traffic not intended for the node. This occurs when the plugin is configured with the nftables backend, inadvertently...
firewalld bug fix and enhancement update
An update is available for firewalld. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list firewalld is a firewall service daemon that provides a dynamic customizable...
CLSA-2024-1705081763 Fix of 7 CVEs
CVE-url: https://ubuntu.com/security/CVE-2023-7192 - netfilter: ctnetlink: fix possible refcount leak in ctnetlinkcreateconntrack CVE-url: https://ubuntu.com/security/CVE-2023-6610 - smb: client: fix potential OOB in smb2dumpdetail CVE-url: https://ubuntu.com/security/CVE-2023-6606 - smb: client:...