Lucene search
K

15 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 7 : freeradius-3.0.13-10.el7 (AXSA:2019-3883:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3883:01 advisory. Security Fix - FreeRADIUSCVE-2019-9497 Dragonblood CVE-2019-11234 - FreeRADIUSCVE-2019-9498CVE-2019-9499 Dragonblood CVE-2019-11235...

9.8CVSS6.5AI score0.07624EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2020/02/16 12:0 a.m.41 views

openSUSE: Security Advisory for hostapd (openSUSE-SU-2020:0222-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1CVSS7.5AI score0.05372EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.42 views

Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2020-1036)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.3AI score0.05372EPSS
Exploits0References2
Debian
Debian
added 2019/07/31 10:10 p.m.107 views

[SECURITY] [DLA 1867-1] wpa security update

Package : wpa Version : 2.3-1+deb8u8 CVE ID : CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 CVE-2019-11555 Debian Bug : 927463 Several vulnerabilities were discovered in WPA supplicant / hostapd. Some of them could only partially be mitigated, please read below for details. CVE-2019-949...

8.1CVSS6.8AI score0.05372EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/02 12:0 a.m.31 views

Fedora 30 : hostapd (2019-eba1109acd)

Update to version 2.7 from upstream Security fix for CVE-2019-9494 cache attack against SAE Security fix for CVE-2019-9495 cache attack against EAP-pwd Security fix for CVE-2019-9496 SAE confirm missing state validation in hostapd/AP Security fix for CVE-2019-9497 EAP-pwd server not checking for...

8.1CVSS6.8AI score0.05372EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/04/24 12:0 a.m.38 views

Fedora 28 : hostapd (2019-d03bae77f5)

Update to version 2.7 from upstream Security fix for CVE-2019-9494 cache attack against SAE Security fix for CVE-2019-9495 cache attack against EAP-pwd Security fix for CVE-2019-9496 SAE confirm missing state validation in hostapd/AP Security fix for CVE-2019-9497 EAP-pwd server not checking for...

8.1CVSS6.8AI score0.05372EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/04/24 12:0 a.m.37 views

Fedora 29 : hostapd (2019-f409af9fbe)

Update to version 2.7 from upstream Security fix for CVE-2019-9494 cache attack against SAE Security fix for CVE-2019-9495 cache attack against EAP-pwd Security fix for CVE-2019-9496 SAE confirm missing state validation in hostapd/AP Security fix for CVE-2019-9497 EAP-pwd server not checking for...

8.1CVSS6.8AI score0.05372EPSS
Exploits0References7
CVE
CVE
added 2019/04/21 4:40 p.m.262 views

CVE-2019-11235

FreeRADIUS before 3.0.19 mishandles the Dragonblood protection check in EAP-PWD, potentially enabling authentication bypass or injection of invalid curve data. Public advisories from Debian, Amazon Linux 2, CentOS 7, and Alpine Linux reference CVE-2019-11235 and indicate fixes are provided by upg...

9.8CVSS8.1AI score0.03566EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2019/04/17 1:31 p.m.259 views

CVE-2019-9499

CVE-2019-9499 concerns the EAP-pwd implementation in wpa_supplicant (and related hostapd/EAP-pwd paths) where, when built against a crypto library lacking explicit validation, the scalar and element values in EAP-pwd-Commit are not validated. This allows an attacker to craft a commit message and ...

8.1CVSS8AI score0.02386EPSS
Exploits0References9Affected Software2
Debian CVE
Debian CVE
added 2019/04/17 1:31 p.m.34 views

CVE-2019-9499

The implementations of EAP-PWD in wpasupplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection...

8.1CVSS7.8AI score0.02386EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2019/04/17 1:31 p.m.49 views

CVE-2019-9499

The implementations of EAP-PWD in wpasupplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection...

8.1CVSS8.1AI score0.02386EPSS
Exploits0
OpenVAS
OpenVAS
added 2019/04/11 12:0 a.m.31 views

Ubuntu: Security Advisory (USN-3944-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.4AI score0.05372EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/04/11 12:0 a.m.51 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : wpa_supplicant and hostapd vulnerabilities (USN-3944-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3944-1 advisory. It was discovered that wpasupplicant and hostapd were vulnerable to a side channel attack against EAP- pwd. A remote attacker cou...

8.1CVSS6.6AI score0.05372EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2019/04/10 4:53 p.m.176 views

USN-3944-1: wpa_supplicant and hostapd vulnerabilities

It was discovered that wpasupplicant and hostapd were vulnerable to a side channel attack against EAP-pwd. A remote attacker could possibly use this issue to recover certain passwords. CVE-2019-9495 Mathy Vanhoef discovered that wpasupplicant and hostapd incorrectly validated received scalar and...

8.1CVSS6.6AI score0.05372EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/04/10 3:0 p.m.30 views

CVE-2019-9499

The implementations of EAP-PWD in wpasupplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection...

8.1CVSS6.9AI score0.02386EPSS
Exploits0References3
Rows per page
Query Builder