Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 7 : freeradius-3.0.13-10.el7 (AXSA:2019-3883:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3883:01 advisory. Security Fix - FreeRADIUSCVE-2019-9497 Dragonblood CVE-2019-11234 - FreeRADIUSCVE-2019-9498CVE-2019-9499 Dragonblood CVE-2019-11235...

9.8CVSS6.5AI score0.07624EPSS
Exploits0References3
Rosalinux
Rosalinux
added 2021/07/02 6:21 p.m.49 views

Advisory ROSA-SA-2021-1998

Software: wpasupplicant 2.6 OS: Cobalt 7.9 CVE-ID: CVE-2017-13084 CVE-Crit: MEDIUM CVE-DESC: Wi-Fi Protected Access WPA and WPA2 allows the Station-to-Station-Link STSL temporary key STK to be reassigned during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or...

8.1CVSS7.2AI score0.05372EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/04/05 5:8 p.m.34 views

CVE-2019-9497

The implementations of EAP-PWD in hostapd EAP Server and wpasupplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...

8.1CVSS2.6AI score0.05372EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2020/02/16 12:0 a.m.41 views

openSUSE: Security Advisory for hostapd (openSUSE-SU-2020:0222-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1CVSS7.5AI score0.05372EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.42 views

Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2020-1036)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.3AI score0.05372EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2019/12/26 9:49 p.m.39 views

CVE-2019-11234

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

9.8CVSS3.1AI score0.07624EPSS
Exploits0References3
Debian
Debian
added 2019/07/31 10:10 p.m.112 views

[SECURITY] [DLA 1867-1] wpa security update

Package : wpa Version : 2.3-1+deb8u8 CVE ID : CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 CVE-2019-11555 Debian Bug : 927463 Several vulnerabilities were discovered in WPA supplicant / hostapd. Some of them could only partially be mitigated, please read below for details. CVE-2019-949...

8.1CVSS6.8AI score0.05372EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2019/05/09 3:21 p.m.5 views

freeradius: eap-pwd: fake authentication using reflection

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

9.8CVSS7.3AI score0.07624EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/05/02 12:0 a.m.31 views

Fedora 30 : hostapd (2019-eba1109acd)

Update to version 2.7 from upstream Security fix for CVE-2019-9494 cache attack against SAE Security fix for CVE-2019-9495 cache attack against EAP-pwd Security fix for CVE-2019-9496 SAE confirm missing state validation in hostapd/AP Security fix for CVE-2019-9497 EAP-pwd server not checking for...

8.1CVSS6.8AI score0.05372EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/05/02 12:0 a.m.38 views

Fedora 30 : 1:wpa_supplicant (2019-ca49dfd42f)

include fix for : CVE-2019-9494 CVE-2019-9495 CVE-2019-9496 CVE-2019-9497 CVE-2019-9498 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

8.1CVSS6.8AI score0.05372EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2019/04/24 12:0 a.m.37 views

Fedora 29 : hostapd (2019-f409af9fbe)

Update to version 2.7 from upstream Security fix for CVE-2019-9494 cache attack against SAE Security fix for CVE-2019-9495 cache attack against EAP-pwd Security fix for CVE-2019-9496 SAE confirm missing state validation in hostapd/AP Security fix for CVE-2019-9497 EAP-pwd server not checking for...

8.1CVSS6.8AI score0.05372EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/04/24 12:0 a.m.38 views

Fedora 28 : hostapd (2019-d03bae77f5)

Update to version 2.7 from upstream Security fix for CVE-2019-9494 cache attack against SAE Security fix for CVE-2019-9495 cache attack against EAP-pwd Security fix for CVE-2019-9496 SAE confirm missing state validation in hostapd/AP Security fix for CVE-2019-9497 EAP-pwd server not checking for...

8.1CVSS6.8AI score0.05372EPSS
Exploits0References7
NVD
NVD
added 2019/04/22 11:29 a.m.22 views

CVE-2019-11234

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

9.8CVSS8.2AI score0.07624EPSS
Exploits0References11
Prion
Prion
added 2019/04/22 11:29 a.m.21 views

Authentication flaw

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

7.5CVSS8AI score0.07624EPSS
Exploits0References11Affected Software3
AlpineLinux
AlpineLinux
added 2019/04/17 1:31 p.m.37 views

CVE-2019-9497

The implementations of EAP-PWD in hostapd EAP Server and wpasupplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...

8.1CVSS8.1AI score0.05372EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/04/11 12:0 a.m.51 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : wpa_supplicant and hostapd vulnerabilities (USN-3944-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3944-1 advisory. It was discovered that wpasupplicant and hostapd were vulnerable to a side channel attack against EAP- pwd. A remote attacker cou...

8.1CVSS6.6AI score0.05372EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2019/04/11 12:0 a.m.31 views

Ubuntu: Security Advisory (USN-3944-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.4AI score0.05372EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2019/04/10 4:53 p.m.176 views

USN-3944-1: wpa_supplicant and hostapd vulnerabilities

It was discovered that wpasupplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. CVE-2019-9495 Mathy Vanhoef discovered that wpasupplicant and hostapd incorrectly validated received scalar and...

8.1CVSS6.6AI score0.05372EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/04/10 3:0 p.m.32 views

CVE-2019-9497

The implementations of EAP-PWD in hostapd EAP Server and wpasupplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...

8.1CVSS6.8AI score0.05372EPSS
Exploits0References3
OSV
OSV
added 2019/04/10 3:0 p.m.5 views

UBUNTU-CVE-2019-9497

The implementations of EAP-PWD in hostapd EAP Server and wpasupplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...

8.1CVSS6.7AI score0.05372EPSS
Exploits0References4
Rows per page
Query Builder