Lucene search
+L

469 matches found

cvelist
cvelist
added 2025/09/16 4:11 p.m.6 views

CVE-2023-53304 netfilter: nft_set_rbtree: fix overlap expiration walk

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: fix overlap expiration walk The lazy gc on insert that should remove timed-out entries fails to release the other half of the interval, if any. Can be reproduced with...

0.00146EPSS
Exploits0References7
cve
cve
added 2025/09/16 4:11 p.m.28 views

CVE-2023-53304

CVE-2023-53304 concerns the Linux kernel netfilter nft_set_rbtree code. The advisory describes three concrete issues resolved by patching: 1) a lazy garbage-collection on insert that may fail to release the other half of an interval, impacting interval timing expiration walks; 2) incorrect use of...

5.5CVSS6.1AI score0.00146EPSS
Exploits0References7Affected Software1
nessus
nessus
added 2025/08/24 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-1016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel in net/netfilter/nftablescore.c:nftdochain, which can cause a use-after-free. This issue needs to handle 'return' with prop...

5.5CVSS6.6AI score0.00416EPSS
Exploits11References2
nessus
nessus
added 2025/08/15 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-46992

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nfthashbuckets Number of buckets being stored in 32b...

7.1CVSS6.4AI score0.0026EPSS
Exploits0References2
nessus
nessus
added 2025/08/12 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2021-47546

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6rulesuppress The kernel leaks memory when a fib rule is present...

5.5CVSS6.1AI score0.00222EPSS
Exploits0References2
nessus
nessus
added 2025/08/12 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-6284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended...

7.3CVSS5.5AI score0.00287EPSS
Exploits1References2
nessus
nessus
added 2025/08/11 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-52889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rul...

3.4CVSS6AI score0.00202EPSS
Exploits0References2
nessus
nessus
added 2025/08/08 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-46996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Fix a memleak from userdata error path in new objects Release object na...

5.5CVSS6.3AI score0.00246EPSS
Exploits0References2
nessus
nessus
added 2025/08/07 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-35001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nftbyteorder poorly handled vm register contents when CAPNETADMIN is in any user or network...

7.8CVSS6.8AI score0.01508EPSS
Exploits2References2
nessus
nessus
added 2025/08/07 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-52890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rul...

8.1CVSS6AI score0.00195EPSS
Exploits0References2
osv
osv
added 2025/07/28 7:57 p.m.3 views

GO-2025-3782 Incus creates nftables rules that partially bypass security options in github.com/lxc/incus

Incus creates nftables rules that partially bypass security options in github.com/lxc/incus...

8.1CVSS6.2AI score0.00195EPSS
Exploits0References3
suse
suse
added 2025/07/15 2:20 p.m.4 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-50085: dm raid: fix address sanitizer warning in raidresume bsc1245147. CVE-2022-50087: firmware: armscpi: Ensure scpiinfo is not assigned if the probe fai...

8.5CVSS7.6AI score0.12746EPSS
Exploits13References546
osv
osv
added 2025/07/10 8:25 a.m.8 views

SUSE-SU-2025:2264-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47557: net/sched: schets: do not peek at classes beyond 'nbands' bsc1207361 bsc1225468. - CVE-2021-47595: net/sched: schets: do not remove idle classes from...

7.8CVSS6.7AI score0.12746EPSS
Exploits16References548
veracode
veracode
added 2025/06/30 3:51 a.m.6 views

Security Filter Bypass

github.com/lxc/incus is vulnerable to security filter bypass. The vulnerability is due to incorrect generation of nftables rules when applying ACLs on devices connected to a bridge, which allows ARP spoofing and full spoofing of another VM/container on the same bridge...

8.1CVSS6.2AI score0.00195EPSS
Exploits0References4Affected Software3
susecve
susecve
added 2025/06/26 11:21 p.m.4 views

SUSE CVE-2025-52889

Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services DHCP, DNS... that partially bypass security options security.macfiltering, security.ipv4filtering and...

3.4CVSS6.6AI score0.00202EPSS
Exploits0References3
snyk
snyk
added 2025/06/26 9:12 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the nftables rule generation process. An attacker can gain unauthorized access to network traffic and impersonate other virtual machines or containers by exploiting the partial bypass of security filtering...

8.1CVSS6.9AI score0.00195EPSS
Exploits0References2
github
github
added 2025/06/26 9:12 p.m.11 views

Incus creates nftables rules that partially bypass security options

Summary When using an ACL on a device connected to a bridge, Incus generates nftables rules that partially bypass security options security.macfiltering, security.ipv4filtering and security.ipv6filtering. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the...

8.1CVSS7.1AI score0.00195EPSS
Exploits0References4Affected Software1
osv
osv
added 2025/06/26 9:12 p.m.5 views

GHSA-P7FW-VJJM-2RWP Incus creates nftables rules that partially bypass security options

Summary When using an ACL on a device connected to a bridge, Incus generates nftables rules that partially bypass security options security.macfiltering, security.ipv4filtering and security.ipv6filtering. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the...

8.1CVSS7.1AI score0.00195EPSS
Exploits0References4
snyk
snyk
added 2025/06/26 9:12 p.m.1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the nftables rule generation process. An attacker can gain unauthorized access to network traffic and impersonate other virtual machines or containers by exploiting the partial bypass of security filtering...

8.1CVSS6.9AI score0.00195EPSS
Exploits0References2
snyk
snyk
added 2025/06/26 9:11 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the improper enforcement of resource limits in the nftables rules generation process for managed bridge networks. An attacker can exhaust the DHCP pool and disrupt network...

4.8CVSS7AI score0.00202EPSS
Exploits0References2
Rows per page
Query Builder