Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 7 : freeradius-3.0.13-10.el7 (AXSA:2019-3883:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3883:01 advisory. Security Fix - FreeRADIUSCVE-2019-9497 Dragonblood CVE-2019-11234 - FreeRADIUSCVE-2019-9498CVE-2019-9499 Dragonblood CVE-2019-11235...

9.8CVSS6.5AI score0.07624EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:14 a.m.4 views

SUSE CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...

6.8CVSS6.8AI score0.02386EPSS
Exploits0References13
OpenVAS
OpenVAS
added 2020/02/16 12:0 a.m.41 views

openSUSE: Security Advisory for hostapd (openSUSE-SU-2020:0222-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1CVSS7.5AI score0.05372EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.42 views

Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2020-1036)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.3AI score0.05372EPSS
Exploits0References2
Debian
Debian
added 2019/07/31 10:10 p.m.107 views

[SECURITY] [DLA 1867-1] wpa security update

Package : wpa Version : 2.3-1+deb8u8 CVE ID : CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 CVE-2019-11555 Debian Bug : 927463 Several vulnerabilities were discovered in WPA supplicant / hostapd. Some of them could only partially be mitigated, please read below for details. CVE-2019-949...

8.1CVSS6.8AI score0.05372EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/02 12:0 a.m.38 views

Fedora 30 : 1:wpa_supplicant (2019-ca49dfd42f)

include fix for : CVE-2019-9494 CVE-2019-9495 CVE-2019-9496 CVE-2019-9497 CVE-2019-9498 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

8.1CVSS6.8AI score0.05372EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2019/05/02 12:0 a.m.31 views

Fedora 30 : hostapd (2019-eba1109acd)

Update to version 2.7 from upstream Security fix for CVE-2019-9494 cache attack against SAE Security fix for CVE-2019-9495 cache attack against EAP-pwd Security fix for CVE-2019-9496 SAE confirm missing state validation in hostapd/AP Security fix for CVE-2019-9497 EAP-pwd server not checking for...

8.1CVSS6.8AI score0.05372EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/04/24 12:0 a.m.37 views

Fedora 29 : hostapd (2019-f409af9fbe)

Update to version 2.7 from upstream Security fix for CVE-2019-9494 cache attack against SAE Security fix for CVE-2019-9495 cache attack against EAP-pwd Security fix for CVE-2019-9496 SAE confirm missing state validation in hostapd/AP Security fix for CVE-2019-9497 EAP-pwd server not checking for...

8.1CVSS6.8AI score0.05372EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/04/24 12:0 a.m.38 views

Fedora 28 : hostapd (2019-d03bae77f5)

Update to version 2.7 from upstream Security fix for CVE-2019-9494 cache attack against SAE Security fix for CVE-2019-9495 cache attack against EAP-pwd Security fix for CVE-2019-9496 SAE confirm missing state validation in hostapd/AP Security fix for CVE-2019-9497 EAP-pwd server not checking for...

8.1CVSS6.8AI score0.05372EPSS
Exploits0References7
CVE
CVE
added 2019/04/21 4:40 p.m.262 views

CVE-2019-11235

FreeRADIUS before 3.0.19 mishandles the Dragonblood protection check in EAP-PWD, potentially enabling authentication bypass or injection of invalid curve data. Public advisories from Debian, Amazon Linux 2, CentOS 7, and Alpine Linux reference CVE-2019-11235 and indicate fixes are provided by upg...

9.8CVSS8.1AI score0.03566EPSS
Exploits0References11Affected Software1
NVD
NVD
added 2019/04/17 2:29 p.m.22 views

CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...

8.1CVSS7.9AI score0.02386EPSS
Exploits0References9
OSV
OSV
added 2019/04/17 2:29 p.m.24 views

CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...

8.1CVSS7.9AI score
Exploits0References9
OSV
OSV
added 2019/04/17 2:29 p.m.2 views

ALPINE-CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...

8.1CVSS6.8AI score0.02386EPSS
Exploits0References1
CVE
CVE
added 2019/04/17 1:31 p.m.240 views

CVE-2019-9498

CVE-2019-9498 concerns the EAP-PWD implementation in hostapd EAP Server and the EAP-pwd support in wpa_supplicant with SAE. The issue: when built against crypto libraries that do not validate imported elements, the scalar and element values presented in EAP-pwd-Commit are not validated. An attack...

8.1CVSS7.9AI score0.02386EPSS
Exploits0References9Affected Software2
Cvelist
Cvelist
added 2019/04/17 1:31 p.m.29 views

CVE-2019-9498 The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...

7.9AI score0.02386EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2019/04/17 1:31 p.m.24 views

CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...

8.1CVSS7.7AI score0.02386EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/04/11 12:0 a.m.51 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : wpa_supplicant and hostapd vulnerabilities (USN-3944-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3944-1 advisory. It was discovered that wpasupplicant and hostapd were vulnerable to a side channel attack against EAP- pwd. A remote attacker cou...

8.1CVSS6.6AI score0.05372EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2019/04/11 12:0 a.m.31 views

Ubuntu: Security Advisory (USN-3944-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.4AI score0.05372EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2019/04/10 4:53 p.m.176 views

USN-3944-1: wpa_supplicant and hostapd vulnerabilities

It was discovered that wpasupplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. CVE-2019-9495 Mathy Vanhoef discovered that wpasupplicant and hostapd incorrectly validated received scalar and...

8.1CVSS6.6AI score0.05372EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/04/10 3:0 p.m.33 views

CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...

8.1CVSS6.9AI score0.02386EPSS
Exploits0References3
Rows per page
Query Builder