CVE-2026-52921

A flaw was found in the Linux kernel's netfilter ipset component. Specifically, certain hash set variants such as hash:ip,mark and hash:ip,port that iterate IPv4 ranges with a 32-bit iterator do not correctly stop at the end of the requested range. This can cause the iteration to advance beyond t...

EUVD-2025-208406

In some cases, the tcp-setmss handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. Maliciously crafted packets sent from a remote host ma...

EUVD-2012-3422

Malware in sbrugna...

CVE-2012-3462

A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context...

SUSE CVE-2014-3538

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service CPU consumption via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an...

The vulnerability of the IDFW rule processing function in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software allows attackers to circumvent security restrictions.

The vulnerability of the IDFW rule processing function in Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD software relates to deficiencies in access control lists ACLs. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions by sendi...

CVE-2020-25580

In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access5 rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored...

The vulnerability of the `ofproto_rule_insert__()` function in the Open vSwitch software multi-level switch allows a attacker to cause a service failure.

The vulnerability of the ofprotoruleinsert function in the microprogramming-based software for programmable multi-level switches called Open vSwitch OvS is related to errors in rule checking during flow processing. Exploiting this vulnerability could allow a malicious actor to cause service...

ALPINE-CVE-2017-3140

If named is configured to use Response Policy Zones RPZ an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0-9.11.1, 9.9.10-S1, 9.10.5-S1...

UBUNTU-CVE-2017-3140

If named is configured to use Response Policy Zones RPZ an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0-9.11.1, 9.9.10-S1, 9.10.5-S1...

Design/Logic Flaw

Use after free in QSH client rule processing in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 820, SD 835, SDA660, SDM630, SDM660,...