
18 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 1 view

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fixed a potential UAF in xe_oa_add_config_ioctl In xe_oa_add_config_ioctl, we accessed oa_config->id after dropping metrics_lock. Since this lock protects the lifetime of oa_config, an attacker could guess the id and call...

7.8 CVSS · 5.7 AI score · 0.00022 EPSS
Exploits 0 · References 1
Vulnrichment
added 2026/03/02 4:53 p.m. · 5 views

CVE-2025-47384 Reachable Assertion in FW

Transient DOS when MAC configures config id greater than supported maximum value...

6.5 CVSS · 5.9 AI score · 0.00034 EPSS
Exploits 0 · References 1
CVE
added 2026/03/02 4:53 p.m. · 11 views

CVE-2025-47384

CVE-2025-47384 describes a transient denial-of-service in the MAC layer when a configuration identifier exceeds the maximum supported value. The root cause, as stated across linked records, is an out-of-range config id; this leads to a temporary DOS condition without broader impact to confidentia...

6.5 CVSS · 5.9 AI score · 0.00034 EPSS
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2026/03/02 4:53 p.m. · 4 views

CVE-2025-47384

Transient DOS when MAC configures config id greater than supported maximum value...

6.5 CVSS · 5.9 AI score · 0.00034 EPSS
Exploits 0 · References 2
Positive Technologies
added 2026/03/02 12:0 a.m. · 4 views

PT-2026-22647

Transient DOS when MAC configures config id greater than supported maximum value...

6.5 CVSS · 5.9 AI score · 0.00034 EPSS
Exploits 0 · References 2
RedhatCVE
added 2026/01/15 3:18 a.m. · 2 views

CVE-2025-71099

A use-after-free flaw was found in the Intel Xe graphics driver's observability architecture (OA) configuration interface. In xe_oa_add_config_ioctl, the oa_config->id is accessed after dropping the metrics_lock. An attacker could race to remove the configuration via xe_oa_remove_config_ioctl, freeing the...

5.5 CVSS · 5.4 AI score · 0.00022 EPSS
Exploits 0 · References 4
OSV
added 2026/01/13 4:16 p.m. · 0 views

UBUNTU-CVE-2025-71099

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl In xe_oa_add_config_ioctl, we accessed oa_config->id after dropping metrics_lock. Since this lock protects the lifetime of oa_config, an attacker could guess the id and call...

7.8 CVSS · 5.7 AI score · 0.00022 EPSS
Exploits 0 · References 12
Positive Technologies
added 2026/01/13 12:0 a.m. · 2 views

PT-2026-2620

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel’s DRM Xe driver contains a use-after-free issue within the OA configuration interface, specifically in the xe_oa_add_config_ioctl function. The issue arises from accessi...

7.8 CVSS · 5.4 AI score · 0.00022 EPSS
Exploits 0
RedhatCVE
added 2025/11/07 8:56 p.m. · 20 views

CVE-2022-50591

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful...

9.8 CVSS · 8.2 AI score · 0.00181 EPSS
Exploits 0 · References 1
OSV
added 2025/11/06 8:15 p.m. · 1 view

CVE-2022-50591

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful...

9.8 CVSS · 5.9 AI score · 0.00181 EPSS
Exploits 0 · References 3
NVD
added 2025/11/06 8:15 p.m. · 2 views

CVE-2022-50591

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful...

9.8 CVSS · 0.00181 EPSS
Exploits 0 · References 3
Cvelist
added 2025/11/06 7:58 p.m. · 3 views

CVE-2022-50591 Advantech iView < v5.7.04 Build 6425 ztp_config_id Parameter SQL Injection Information Disclosure

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful...

8.8 CVSS · 0.00181 EPSS
Exploits 0 · References 3
Vulnrichment
added 2025/11/06 7:58 p.m. · 1 view

CVE-2022-50591 Advantech iView < v5.7.04 Build 6425 ztp_config_id Parameter SQL Injection Information Disclosure

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful...

8.8 CVSS · 7.8 AI score · 0.00181 EPSS
Exploits 0 · References 3
CVE
added 2025/10/30 9:49 p.m. · 8 views

CVE-2021-47696

Nagios XI prior to 5.8.0 is vulnerable to cross-site scripting (XSS) via BPI config ID handling. The issue arises from insufficient input validation/escaping of user-supplied data in BPI config ID processing, enabling an attacker to inject script executed in a victim’s browser. Affected product: ...

5.4 CVSS · 5.8 AI score · 0.00478 EPSS
Exploits 0 · References 2 · Affected Software 1
Github Security Blog
added 2023/08/01 3:30 p.m. · 54 views

RaspAP Command Injection vulnerability

A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfgid parameter in /ajax/openvpn/activateovpncfg.php and /ajax/openvpn/delovpncfg.php...

9.8 CVSS · 8 AI score · 0.93057 EPSS
Exploits 3 · References 6 · Affected Software 1
OSV
added 2022/03/07 9:15 a.m. · 0 views

CVE-2021-24953

The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the aiconfigid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 1
CNNVD
added 2022/03/07 12:0 a.m. · 3 views

WordPress plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress Advanced iFrame plugin versions prior to 2022 contain a cross-site scripting vulnerability that stems from the plugin's failure to...

6.1 CVSS · 5.2 AI score · 0.0021 EPSS
Exploits 2 · References 2
Positive Technologies
added 2015/01/13 12:0 a.m. · 1 view

PT-2015-3672 · D Link · D-Link Dap-1360

Name of the Vulnerable Software and Affected Versions: D-Link DAP-1360 router versions 2.5.4 and later. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to "index.cgi" when res_config_id is set to 41. This could...

4.3 CVSS · 5.5 AI score · 0.00481 EPSS
Exploits 1 · References 3