logo
DATABASE RESOURCES PRICING ABOUT US

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : wpa_supplicant and hostapd vulnerabilities (USN-4734-1)

Description

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4734-1 advisory. - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. (CVE-2020-12695) - In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 (CVE-2021-0326) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related