5 results (0.002 seconds)

CVSS: 4.2EPSS: 1%CPEs: 1EXPL: 1

12 Jul 2019 — A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c. Un desbordamiento de búfer en iptables-restore en iptables versión 1.8.2 de netfilter, permite a un atacante (al menos) bloquear el programa o conseguir potencialmente la ejecución de código por medio de un archivo iptables-save especialmente diseñado. Esto está re... • https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 1

21 Aug 2015 — conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet. Vulnerabilidad en conntrackd en conntrack-tools 1.4.2 y versiones anteriores, no asegura que los módulos opcionales del kernel sean cargados antes de usarlos, lo cual permite a atacantes remotos causar una denegación de servicio (caída) a través de un paquete (1) DCCP, ... • http://bugzilla.netfilter.org/show_bug.cgi?id=910 • CWE-17: DEPRECATED: Code •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

15 Feb 2014 — extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant. extensions/libxt_tcp.c en iptables hasta 1.4.21 no hace conincidir paquetes TCP SYN+FIN en reglas --syn, lo que podría permitir a atacantes remotos evadir las restricciones de firewall a través de paquetes manipulados. NOTA: la solución de CVE-2012-6638 ... • http://www.spinics.net/lists/netfilter-devel/msg21248.html •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

05 Nov 2001 — iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=50500 • CWE-203: Observable Discrepancy •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1

05 Nov 2001 — iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=53325 • CWE-770: Allocation of Resources Without Limits or Throttling •