CVE-2026-46248

A flaw was found in the Linux kernel's ath12k Wi-Fi driver. When an arvif Access Point Virtual Interface is initialized in non-AP STA mode and a Multi-Link Operation MLO connection fails before the arvif is fully created, a stale link mapping can persist. This can lead to a kernel warning WARNON...

Aruba Instant Access Point (IAP) - Cross-Site Scripting

A remote cross-site scripting xss vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below;...

CVE-2019-25719

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions. Attacke...

CVE-2026-20452

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

CVE-2026-20452

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

CVE-2026-20452

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

CVE-2026-20452

The CVE-2026-20452 entry concerns memory corruption in the wlan AP driver caused by a heap buffer overflow. Impact is remote (proximal/adjacent) code execution with HIGH confidentiality, integrity, and availability impact, exploitable with adjacent network access, low privileges, and no user inte...

EUVD-2026-33541

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

FreeBSD 操作系统命令注入漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. FreeBSD has a vulnerability related to command injection attacks. This vulnerability arises from the lack of protection when scanning Wi-Fi networks, as shell extensions may be used to manipulate network names. This allo...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: nl80211 – Fix for NULL-ptr dereference in the offchan check. If, for example, in AP mode, the link has already been created by the user space, but has not yet been activated, it has a chandef field, but the chandef is inval...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: nl80211 – Set special AP channel widths to disallowed. Setting the AP channel width is intended for use with the standard 20/40/… MHz channel width progression. Switching between narrow channels in S1G mode is not supported...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mac80211: Fixed a deadlock issue in AP/VLAN handling. Syzbot reports that when APVLAN interfaces are active, closing the AP interface they belong to can lead to a deadlock. This isn’t surprising—since we use devclose to handle...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: wifi: mwifiex: Do not return unused priv pointers in mwifiexgetprivbyid. mwifiexgetprivbyid returns the priv pointer corresponding to bssnum and bsstype, but without checking whether the priv is actually in use. Unused priv...

Astra Linux - уязвимость в chromium

In the Network Config UI of the Google Chrome browser on ChromeOS, incorrect security user interfaces prior to version 90.0.4430.72 allowed a remote attacker to potentially compromise Wi-Fi connection security through a malicious wireless adapter...

EUVD-2026-29942

Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser...

EUVD-2026-29943

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

EUVD-2026-29940

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...

EUVD-2026-29935

ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file...

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

CVE-2026-42062

ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required...