16 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2016-4477

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and...

CVSS: 7.8, AI score: 6.7, EPSS: 0.00255
Exploits: 0, References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m., 23 views

RHEL 7 : wpa_supplicant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wpa_supplicant: local configuration update allows privilege escalation (CVE-2016-4477) - hostapd 0.6.7 throu...

CVSS: 7.5, AI score: 8, EPSS: 0.02858
Exploits: 0, References: 2

Tenable Nessus
added 2024/05/11 12:0 a.m., 28 views

RHEL 6 : wpa_supplicant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wpa_supplicant: P2P group information processing vulnerability (CVE-2021-0326) - wpa_supplicant: EAP-pwd...

AI score: 8, EPSS: 0.04707
Exploits: 1, References: 6

OpenVAS
added 2023/03/08 12:0 a.m., 20 views

Debian: Security Advisory (DLA-473-1)

The remote host is missing an update for the Debian...

CVSS: 7.8, AI score: 7.7, EPSS: 0.02858
Exploits: 0, References: 2

OpenVAS
added 2017/10/18 12:0 a.m., 35 views

Ubuntu: Security Advisory (USN-3455-1)

The remote host is missing an update for the...

CVSS: 8.1, AI score: 7.5, EPSS: 0.04575
Exploits: 1, References: 2

Tenable Nessus
added 2017/10/17 12:0 a.m., 45 views

Ubuntu 14.04 LTS / 16.04 LTS : wpa_supplicant and hostapd vulnerabilities (USN-3455-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3455-1 advisory. Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with key...

CVSS: 8.1, AI score: 7.6, EPSS: 0.04575
Exploits: 1, References: 12

ArchLinux
added 2016/10/08 12:0 a.m., 47 views

[ASA-201610-7] wpa_supplicant: multiple issues

Arch Linux Security Advisory ASA-201610-7
Severity: High
Date: 2016-10-08
CVE-ID: CVE-2016-4476 CVE-2016-4477
Package: wpa_supplicant
Type: multiple issues
Remote: Yes
Link: https://wiki.archlinux.org/index.php/CVE
Summary
The package...

CVSS: 7.8, AI score: 1.2, EPSS: 0.02858
Exploits: 0, References: 4

Mageia
added 2016/05/21 10:11 p.m., 49 views

Updated wpa_supplicant packages fix security vulnerabilities

Updated wpa_supplicant packages fix security vulnerabilities: A vulnerability was found in how wpa_supplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters either through a WPS operation (CVE-2016-4476) or...

CVSS: 7.8, AI score: 1.9, EPSS: 0.02858
Exploits: 0, References: 2

Tenable Nessus
added 2016/05/20 12:0 a.m., 42 views

FreeBSD : hostapd and wpa_supplicant -- psk configuration parameter update allowing arbitrary data to be written (967b852b-1e28-11e6-8dd3-002590263bf5)

Jouni Malinen reports: psk configuration parameter update allowing arbitrary data to be written 2016-1 - CVE-2016-4476/CVE-2016-4477. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database:...

CVSS: 7.8, AI score: 6.8, EPSS: 0.02858
Exploits: 0, References: 5

Tenable Nessus
added 2016/05/16 12:0 a.m., 34 views

Debian DLA-473-1 : wpa security update

A vulnerability was found in how hostapd and wpa_supplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters either through a WPS operation (CVE-2016-4476) or through local configuration change over the...

CVSS: 7.8, AI score: 7, EPSS: 0.02858
Exploits: 0, References: 4

Debian
added 2016/05/14 9:19 p.m., 27 views

[SECURITY] [DLA 473-1] wpa security update

Package: wpa
Version: 1.0-3+deb7u4
CVE ID: CVE-2016-4476 CVE-2016-4477
Debian Bug: 823411
A vulnerability was found in how hostapd and wpa_supplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters...

CVSS: 7.8, AI score: 7.4, EPSS: 0.02858
Exploits: 0

OSV
added 2016/05/14 12:0 a.m., 29 views

DLA-473-1 wpa - security update

Bulletin has no description...

CVSS: 7.8, AI score: 6.3, EPSS: 0.02858
Exploits: 0

OSV
added 2016/05/09 10:59 a.m., 19 views

CVE-2016-4477

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command...

CVSS: 7.8, AI score: 6.7
Exploits: 0, References: 3

UbuntuCve
added 2016/05/09 10:59 a.m., 3 views

CVE-2016-2447

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4477. Reason: This candidate is a reservation duplicate of CVE-2016-4477. Notes: All CVE users should reference CVE-2016-4477 instead of this candidate. All references and descriptions in this candidate have been removed to...

AI score: 6.8
Exploits: 0, References: 3

Prion
added 2016/05/09 10:59 a.m., 22 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4477. Reason: This candidate is a reservation duplicate of CVE-2016-4477. Notes: All CVE users should reference CVE-2016-4477 instead of this candidate. All references and descriptions in this candidate have been removed to...

AI score: 7.5, EPSS: 0.00255
Exploits: 0

CVE
added 2016/05/09 10:0 a.m., 107 views

CVE-2016-4477

CVE-2016-4477 affects wpa_supplicant (and hostapd) when updating WPA/WPA2 passphrases: input containing newline/control characters can cause the updated configuration to execute code or disrupt service. In practice, this enables local privilege escalation via the control interface (SET_NETWORK) a...

CVSS: 7.8, AI score: 7.2, EPSS: 0.00255
Exploits: 0, References: 3, Affected Software: 1