Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2021-2024 Canonical, Inc. / NASL script (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5018-1.NASL
HistoryJul 21, 2021 - 12:00 a.m.

Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5018-1)

2021-07-2100:00:00
Ubuntu Security Notice (C) 2021-2024 Canonical, Inc. / NASL script (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
62

7.9 High

AI Score

Confidence

High

JSON

The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5018-1 advisory.

  • The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn’t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
    (CVE-2020-24586)

  • The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn’t require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)

  • An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. (CVE-2020-26139)

  • An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)

  • Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. (CVE-2020-26558)

  • Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129)

  • Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. (CVE-2021-23134)

  • kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)

  • net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. (CVE-2021-32399)

  • In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)

  • kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
    (CVE-2021-33200)

  • fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5018-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(151920);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id(
    "CVE-2020-24586",
    "CVE-2020-24587",
    "CVE-2020-26139",
    "CVE-2020-26147",
    "CVE-2020-26558",
    "CVE-2021-0129",
    "CVE-2021-23134",
    "CVE-2021-31829",
    "CVE-2021-32399",
    "CVE-2021-33034",
    "CVE-2021-33200",
    "CVE-2021-33909"
  );
  script_xref(name:"USN", value:"5018-1");
  script_xref(name:"IAVA", value:"2021-A-0350");

  script_name(english:"Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5018-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as
referenced in the USN-5018-1 advisory.

  - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent
    Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a
    network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP,
    CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
    (CVE-2020-24586)

  - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent
    Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary
    can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP,
    CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)

  - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other
    clients even though the sender has not yet successfully authenticated to the AP. This might be abused in
    projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier
    to exploit other vulnerabilities in connected clients. (CVE-2020-26139)

  - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble
    fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject
    packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP,
    CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)

  - Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby
    man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication
    procedure) by reflection of the public key and the authentication evidence of the initiating device,
    potentially permitting this attacker to complete authenticated pairing with the responding device using
    the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit
    at a time. (CVE-2020-26558)

  - Improper access control in BlueZ may allow an authenticated user to potentially enable information
    disclosure via adjacent access. (CVE-2021-0129)

  - Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to
    elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local
    user with the CAP_NET_RAW capability. (CVE-2021-23134)

  - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading
    to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not
    protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized
    data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)

  - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI
    controller. (CVE-2021-32399)

  - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an
    hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)

  - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic
    operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel
    memory, leading to local privilege escalation to root. In particular, there is a corner case where the off
    reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
    (CVE-2021-33200)

  - fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer
    allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an
    unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5018-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-33909");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/07/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1078-oracle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1092-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1097-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1106-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1109-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1109-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1121-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-151-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-151-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-151-lowlatency");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2021-2024 Canonical, Inc. / NASL script (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');
include('ksplice.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var kernel_mappings = {
  '16.04': {
    '4.15.0': {
      'generic': '4.15.0-151',
      'lowlatency': '4.15.0-151',
      'oracle': '4.15.0-1078',
      'gcp': '4.15.0-1106',
      'aws': '4.15.0-1109',
      'azure': '4.15.0-1121'
    }
  },
  '18.04': {
    '4.15.0': {
      'generic': '4.15.0-151',
      'generic-lpae': '4.15.0-151',
      'lowlatency': '4.15.0-151',
      'oracle': '4.15.0-1078',
      'raspi2': '4.15.0-1092',
      'kvm': '4.15.0-1097',
      'gcp': '4.15.0-1106',
      'snapdragon': '4.15.0-1109',
      'azure': '4.15.0-1121'
    }
  }
};

var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
  else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5018-1');
}

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2020-24586', 'CVE-2020-24587', 'CVE-2020-26139', 'CVE-2020-26147', 'CVE-2020-26558', 'CVE-2021-0129', 'CVE-2021-23134', 'CVE-2021-31829', 'CVE-2021-32399', 'CVE-2021-33034', 'CVE-2021-33200', 'CVE-2021-33909');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5018-1');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}
if (extra) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : extra
  );
  exit(0);
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:esm
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linuxlinux-image-4.15.0-1078-oraclep-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1078-oracle
canonicalubuntu_linuxlinux-image-4.15.0-1092-raspi2p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1092-raspi2
canonicalubuntu_linuxlinux-image-4.15.0-1097-kvmp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1097-kvm
canonicalubuntu_linuxlinux-image-4.15.0-1106-gcpp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1106-gcp
canonicalubuntu_linuxlinux-image-4.15.0-1109-awsp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1109-aws
canonicalubuntu_linuxlinux-image-4.15.0-1109-snapdragonp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1109-snapdragon
canonicalubuntu_linuxlinux-image-4.15.0-1121-azurep-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1121-azure
canonicalubuntu_linuxlinux-image-4.15.0-151-genericp-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-151-generic
Rows per page:
1-10 of 121

Related

osv 14
ubuntu 10
openvas 39
nessus 74
suse 6
cloudfoundry 2
oraclelinux 8
debian 5
intel 2
almalinux 1
redhat 14
rocky 1
amazon 1
lenovo 2
hp 1
mageia 4
checkpoint_security 1
gentoo 1
cisco 1
thn 1
threatpost 1
hackerone 1
malwarebytes 1
ics 1
slackware 1
arista 1
veracode 1
ubuntucve 1
fedora 3
osv
osv
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2021-07-20 22:11:51
linux-kvm vulnerabilities
2021-06-25 19:56:40
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
2021-06-23 03:36:14
ubuntu
ubuntu
Linux kernel vulnerabilities
2021-07-20 00:00:00
Linux kernel (KVM) vulnerabilities
2021-06-25 00:00:00
Linux kernel vulnerabilities
2021-06-23 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5018-1)
2021-07-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1887-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:1913-1)
2021-06-10 00:00:00
nessus
nessus
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 18 for SLE 12 SP5) (SUSE-SU-2021:2020-1)
2021-06-21 00:00:00
SUSE SLES15 Security Update : kernel (Live Patch 24 for SLE 15) (SUSE-SU-2021:2057-1)
2021-06-21 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1889-1)
2021-06-09 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2021-06-06 00:00:00
Security update for the Linux Kernel (important)
2021-07-01 00:00:00
Security update for bluez (moderate)
2021-07-12 00:00:00
cloudfoundry
cloudfoundry
USN-5000-1: Linux kernel vulnerabilities | Cloud Foundry
2021-07-08 00:00:00
USN-5017-1: Linux kernel vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2021-07-21 00:00:00
Unbreakable Enterprise kernel security update
2021-08-10 00:00:00
Unbreakable Enterprise kernel-container security update
2021-08-10 00:00:00
debian
debian
[SECURITY] [DLA 2692-1] bluez security update
2021-06-26 23:26:46
[SECURITY] [DLA 2690-1] linux-4.19 security update
2021-06-23 00:05:06
[SECURITY] [DSA 4951-1] bluez security update
2021-08-07 18:51:55
intel
intel
BlueZ Advisory
2021-06-08 00:00:00
Intel® PROSet/Wireless WiFi , Intel vPro® CSME WiFi and Killer™ WiFi Advisory Advisory
2021-05-11 00:00:00
almalinux
almalinux
Important: kernel security and bug fix update
2021-07-20 13:30:15
redhat
redhat
(RHSA-2021:2728) Important: kernel security update
2021-07-20 20:17:45
(RHSA-2021:2720) Important: kpatch-patch security update
2021-07-20 20:09:28
(RHSA-2021:2716) Important: kpatch-patch security update
2021-07-20 19:38:11
rocky
rocky
kernel security and bug fix update
2021-07-20 13:30:15
amazon
amazon
Important: kernel
2021-07-14 20:35:00
lenovo
lenovo
Intel® PROSet and Wireless WiFi, Intel vPro® CSME WiFi, and Intel® Killer™ WiFi Advisory - Lenovo Support NL
2021-05-11 20:39:26
Aggregation and Fragmentation Attacks against Wi-Fi (FragAttacks) Vulnerabilities - Lenovo Support NL
2021-06-07 20:37:01
hp
hp
Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi and Killer™ WiFi May 2021 Security Updates
2021-05-14 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2021-06-14 00:32:39
Updated kernel packages fix security vulnerabilities
2021-05-19 22:29:59
Updated kernel-linus packages fix security vulnerabilities
2021-05-19 22:29:59
checkpoint_security
checkpoint_security
Check Point Response to Wi-Fi FragAttacks in Quantum Spark appliances
2021-06-09 23:24:30
gentoo
gentoo
BlueZ: Multiple Vulnerabilities
2022-09-29 00:00:00
cisco
cisco
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
2021-05-11 18:00:00
thn
thn
Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks
2021-05-12 13:07:00
threatpost
threatpost
‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices
2021-05-12 15:48:05
hackerone
hackerone
Internet Bug Bounty: Fragmentation and Aggregation Flaws in Wi-Fi
2021-06-19 21:24:25
malwarebytes
malwarebytes
FragAttack: New Wi-Fi vulnerabilities that affect… basically everything
2021-05-12 17:31:21
ics
ics
Hitachi ABB Power Grids TropOS
2021-08-24 12:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2021-07-21 05:44:30
arista
arista
Security Advisory 0063
2021-05-25 00:00:00
veracode
veracode
Information Disclosure
2021-12-12 23:37:40
ubuntucve
ubuntucve
CVE-2021-31829
2021-05-06 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: kernel-tools-5.11.19-200.fc33
2021-05-13 01:22:04
[SECURITY] Fedora 32 Update: kernel-5.11.19-100.fc32
2021-05-13 01:23:20
[SECURITY] Fedora 32 Update: kernel-tools-5.11.19-100.fc32
2021-05-13 01:23:20

7.9 High

AI Score

Confidence

High

JSON
Related for UBUNTU_USN-5018-1.NASL
osv14ubuntu10openvas39nessus74suse6cloudfoundry2oraclelinux8debian5intel2almalinux1redhat14rocky1amazon1lenovo2hp1mageia4checkpoint_security1gentoo1cisco1thn1threatpost1hackerone1malwarebytes1ics1slackware1arista1veracode1ubuntucve1fedora3