18 matches found

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-19814

Malware in sbrugna...

CVSS 8, AI score 8, EPSS 0.01991
Exploits 1, References 2

Mageia
added 2024/10/04 5:27 a.m., 28 views

Updated hostapd & wpa_supplicant packages fix security vulnerability

The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop, Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive th...

CVSS 7.4, AI score 7.2, EPSS 0.00716
Exploits 0, References 2

RedhatCVE
added 2024/05/28 6:22 p.m., 53 views

CVE-2023-52424

A flaw was found in the IEEE 802.11 standard. This vulnerability possibly allows an adversary to trick a victim into connecting to an unintended or untrusted network because the SSID is not always used to derive the pairwise master key or session keys and because there is not a protected exchange...

CVSS 7.4, AI score 6.6, EPSS 0.00716
Exploits 0, References 4

NVD
added 2024/05/17 9:15 p.m., 18 views

CVE-2023-52424

The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop, Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive th...

CVSS 7.4, AI score 6.4, EPSS 0.00716
Exploits 0, References 4

OSV
added 2024/05/17 9:15 p.m., 27 views

CVE-2023-52424

The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop, Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive th...

AI score 6.7, EPSS 0.00716
Exploits 0, References 6, Affected Software 1

CVE
added 2024/05/17 8:28 p.m., 105 views

CVE-2023-52424

CVE-2023-52424 describes an SSID confusion vulnerability in IEEE 802.11 where the SSID is not always used to derive PMK/session keys and the 4‑way handshake may proceed without a protected SSID exchange. An adjacent attacker can lure victims to connect to an unintended/untrusted network using Hom...

CVSS 7.4, AI score 6.7, EPSS 0.00716
Exploits 0, References 4

The Hacker News
added 2024/05/16 4:2 p.m., 23 views

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic. The SSID Confusion attack, tracked as CVE-2023-52424, impacts all...

AI score 7.3, EPSS 0.00716
Exploits 0

CNVD
added 2021/06/07 12:0 a.m., 26 views

Realtek RTL8710 Buffer Overflow Vulnerability

The Realtek RTL8710, an IoT microcontroller from Realtek Semiconductor Taiwan, China, suffers from a buffer overflow vulnerability that could be exploited to send a manual "Encrypted GTK" value as part of a WPA2 4-way handshake...

CVSS 8, AI score 3.6, EPSS 0.01991
Exploits 1, References 1

NVD
added 2021/06/04 1:15 p.m., 21 views

CVE-2020-27302

A stack buffer overflow in Realtek RTL8710 and other Ameba-based devices can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake...

CVSS 8, EPSS 0.02009
Exploits 1, References 1

NVD
added 2021/06/04 1:15 p.m., 27 views

CVE-2020-27301

A stack buffer overflow in Realtek RTL8710 and other Ameba-based devices can lead to remote code execution via the "AESUnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake...

CVSS 8, EPSS 0.01991
Exploits 1, References 1

Prion
added 2021/06/04 1:15 p.m., 30 views

Stack overflow

A stack buffer overflow in Realtek RTL8710 and other Ameba-based devices can lead to remote code execution via the "AESUnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake...

CVSS 7.7, AI score 8.2, EPSS 0.01991
Exploits 1, References 1

Cvelist
added 2021/06/04 12:24 p.m., 28 views

CVE-2020-27302

A stack buffer overflow in Realtek RTL8710 and other Ameba-based devices can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake...

AI score 8.3, EPSS 0.02009
Exploits 1, References 1

OPENSUSE Linux
added 2021/03/20 12:0 a.m., 27 views

Security update for connman (moderate)

openSUSE Security Update: Security update for connman Announcement ID: openSUSE-SU-2021:0452-1 Rating: moderate References: 1181751 Cross-References: CVE-2021-26675 CVE-2021-26676 CVSS scores: CVE-2021-26675 NVD : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-26676 NVD : 6.5...

CVSS 8.8, AI score 8.4, EPSS 0.01301
Exploits 0, References 1

Veracode
added 2019/05/16 1:48 a.m., 34 views

Key Reinstallation Attack (KRACK)

WPA and WPA2 are vulnerable to key reinstallation attacks (KRACK). A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake...

CVSS 5.3, AI score 6.6, EPSS 0.0207
Exploits 0, References 36, Affected Software 1

Tenable Nessus
added 2018/08/15 12:0 a.m., 26 views

FreeBSD : wpa_supplicant -- unauthenticated encrypted EAPOL-Key data (6bedc863-9fbe-11e8-945f-206a8a720317)

SO-AND-SO reports: A vulnerability was found in how wpa_supplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpa_supplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being...

CVSS 6.5, AI score 6.3, EPSS 0.01404
Exploits 0, References 3

Hacker One
added 2017/11/02 10:8 p.m., 226 views

Internet Bug Bounty: Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse

Full background information is at krackattacks.com and all detailed information can be found in our research paper. Key Reinstallation Attack: 4-way handshake example. We use the 4-way handshake to illustrate the idea behind key reinstallation attacks (CVE-2017-13077). Note that in practice, all...

CVSS 5.8, AI score 6.7, EPSS 0.04575
Exploits 1

myhack58
added 2017/10/18 12:0 a.m., 80 views

KRACK: WPA2 series of vulnerabilities in the event of early warning-vulnerability warning-the black bar safety net

2017 10 on 16 September, called KRACK vulnerability flaws bug invasion attack method is expressed, for WiFi+WPA2 collect intrusion attack. KRACK tension is the application of 802.11i 4-way handshake vulnerability in the flaws bug to the ultimate completion of the decryption and fabricated...

CVSS 5.4, AI score 7, EPSS 0.04575
Exploits 1

OpenVAS
added 2016/03/08 12:0 a.m., 44 views

Debian Security Advisory DSA 3503-1 (linux - security update)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss. CVE-2013-4312 Tetsuo Handa discovered that users can use pipes queued on local Unix sockets to allocate an unfair share of kernel memory,...

CVSS 10, AI score 0.8, EPSS 0.14281
Exploits 17, References 1